CVE-2024-0231
Published 2024-07-24
Priority: P4 · 10 · low · 2.7 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.33% (24.8th percentile)
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 17.3.5-2 (sid) | gitlab 17.3.5-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 12.0 < 17.0.5 | 17.0.5 |
| gitlab | gitlab | >= 12.0.0 < 17.0.5 | 17.0.5 |
| gitlab | gitlab | >= 17.1 < 17.1.3 | 17.1.3 |
| gitlab | gitlab | >= 17.1.0 < 17.1.3 | 17.1.3 |
| gitlab | gitlab | >= 17.2 < 17.2.1 | 17.2.1 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
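| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
| osv | — | 2.7 | LOW | — |
| vendor_oracle | — | 7.5 | HIGH | — |
| vendor_debian | — | 2.7 | LOW | — |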
GHSA
ghsa_unreviewed·2024-07-25
CVE-2024-0231 [LOW] CWE-74 GHSA-9jp8-rx43-82gm: A resource misdirection vulnerability in GitLab CE/EE versions 12
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
OSV
osv·2024-07-24·CVSS 2.7
CVE-2024-0231 [LOW] CVE-2024-0231: A resource misdirection vulnerability in GitLab CE/EE versions 12
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
GitLab
vendor_gitlab·2024-07-24·CVSS 2.7
CVE-2024-0231 [LOW] CWE-99 CVE-2024-0231: A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker
CVE-2024-0231: A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
Oracle
vendor_oracle·2024-04-15·CVSS 7.5
CVE-2019-0231 [HIGH] Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Apache Mina) — CVE-2019-0231
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Apache Mina) vulnerability
CVE: CVE-2019-0231
CVSS: 7.5
Protocol: TLS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2024 (APR 2024)
Debian
vendor_debian·2024·CVSS 2.7
CVE-2024-0231 [LOW] CVE-2024-0231: gitlab - A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17....
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
Scope: local
sid: resolved (fixed in 17.3.5-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-07-24