CVE-2024-2434 — Path Traversal in Gitlab

CWE-22 — Path Traversal6 documents6 sources

Severity

8.1HIGHNVD

EPSS

11.2%

top 6.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedApr 25

Description

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages5 packages

▶CVEListV5gitlab/gitlab16.9 — 16.9.6+2

▶NVDgitlab/gitlab16.9.0 — 16.9.6+2

▶debiandebian/gitlab< gitlab 17.3.5-2 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2024-2434: An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16↗2024-04-25

▶

GHSA

GHSA-gwr5-7mcm-726j: An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16↗2024-04-25

▶

📋Vendor Advisories

GitLab

CVE-2024-2434: An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.↗2024-04-25

▶

Red Hat

gitlab: path traversal could lead to DoS and restricted file read↗2024-04-25

▶

Debian

CVE-2024-2434: gitlab - An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 1...↗2024

▶