CVE-2024-2434
Published 2024-04-25
Priority: P2 · 62 · high
CVSS 3.1 base score: 8.1
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:H (Attack Vector: Network, Attack Complexity: Low, Privileges Required: Low, User Interaction: None, Scope: Unchanged, Confidentiality: High, Integrity: None, Availability: High)
EPSS: 22.89% (97.5th percentile)
An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 17.3.5-2 (sid) | gitlab 17.3.5-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 16.10 < 16.10.4 | 16.10.4 |
| gitlab | gitlab | >= 16.10.0 < 16.10.4 | 16.10.4 |
| gitlab | gitlab | >= 16.11 < 16.11.1 | 16.11.1 |
| gitlab | gitlab | >= 16.9 < 16.9.6 | 16.9.6 |
| gitlab | gitlab | >= 16.9.0 < 16.9.6 | 16.9.6 |
| gitlab | gitlab_ce | — | — |
Detection & IOCs
- Detect path traversal attempts targeting GitLab CE/EE endpoints, which could indicate exploitation of CVE-2024-2434 leading to DoS or restricted file read
- Affected versions are GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1; fixed in 16.9.6, 16.10.4, and 16.11.1 respectively
- Debian sid resolved the issue in package version 17.3.5-2
- Red Hat has marked the affected package (openshift4/ose-console) as 'Will not fix' for Red Hat OpenShift Container Platform 4
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
| osv | 8.1 | HIGH | — |
| vendor_debian | 8.5 | HIGH | — |
| vendor_redhat | 8.5 | HIGH | — |
GitLab
vendor_gitlab · 2024-04-25 · CVSS 8.5 · HIGH · CWE-22
CVE-2024-2434: An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.
Red Hat
vendor_redhat · 2024-04-25 · CVSS 8.5 · HIGH · CWE-22
gitlab: path traversal could lead to DoS and restricted file read
An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.
A flaw was found in GitLab. A path traversal issue could lead to a denial of service and restricted file read. This issue affects all versions of GitLab CE/EE 16.9 through 16.9.6, 16.10 through 16.10.4, and 16.11 through 16.11.1.
Package: openshift4/ose-console (Red Hat OpenShift Container Platform 4) - Will not fix
Debian
vendor_debian · 2024 · CVSS 8.5 · HIGH
CVE-2024-2434: gitlab - An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.
Scope: local
sid: resolved (fixed in 17.3.5-2)
OSV
osv · 2024-04-25 · CVSS 8.1 · HIGH
CVE-2024-2434: An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.
GHSA
ghsa_unreviewed · 2024-04-25 · HIGH · CWE-22
GHSA-gwr5-7mcm-726j: An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.
No detection rules found.
No public exploits indexed.