CVE-2024-0231 — Resource Injection in Gitlab

CWE-99 — Resource Injection CWE-74 — Injection6 documents6 sources

Severity

2.7LOWNVD

EPSS

0.4%

top 40.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJul 24

Latest updateJul 25

Description

A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5gitlab/gitlab12.0 — 17.0.5+2

▶NVDgitlab/gitlab12.0.0 — 17.0.5+2

▶debiandebian/gitlab< gitlab 17.3.5-2 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-9jp8-rx43-82gm: A resource misdirection vulnerability in GitLab CE/EE versions 12↗2024-07-25

▶

OSV

CVE-2024-0231: A resource misdirection vulnerability in GitLab CE/EE versions 12↗2024-07-24

▶

📋Vendor Advisories

GitLab

CVE-2024-0231: A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker↗2024-07-24

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Apache Mina) — CVE-2019-0231↗2024-04-15

▶

Debian

CVE-2024-0231: gitlab - A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17....↗2024

▶