CVE-2024-6385
Published 2024-07-11
Priority: P2 · 64 · critical · CVSS 3.1: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.04% (92.5th percentile)
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 17.3.5-2 (sid) | gitlab 17.3.5-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.8 < 16.11.6 | 16.11.6 |
| gitlab | gitlab | >= 15.8.0 < 16.11.6 | 16.11.6 |
| gitlab | gitlab | >= 17.0 < 17.0.4 | 17.0.4 |
| gitlab | gitlab | >= 17.0.0 < 17.0.4 | 17.0.4 |
| gitlab | gitlab | >= 17.1 < 17.1.2 | 17.1.2 |
| gitlab | gitlab | >= 17.1.0 < 17.1.2 | 17.1.2 |
| gitlab | gitlab_ce | — | — |
Detection & IOCs (extracted from sources)
- Vulnerable GitLab CE/EE version ranges: 15.8 to <16.11.6, 17.0 to <17.0.4, and 17.1 to <17.1.2. Fixed versions are 16.11.6, 17.0.4, and 17.1.2 respectively.
- Debian sid package resolved the vulnerability in version 17.3.5-2.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.6 | CRITICAL | — |
GHSA
GHSA-74cm-4qqj-22p4 · ghsa_unreviewed · 2024-07-11 · CVE-2024-6385 [CRITICAL] · CWE-284
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
OSV
CVE-2024-6385 · osv · 2024-07-11 · CVSS 9.8 [CRITICAL]
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
GitLab
CVE-2024-6385 · vendor_gitlab · 2024-07-11 · CVSS 9.6 [CRITICAL] · CWE-284
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
Debian
CVE-2024-6385 (gitlab) · vendor_debian · 2024 · CVSS 9.6 [CRITICAL]
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
Scope: local
sid: resolved (fixed in 17.3.5-2)
No detection rules found.
No public exploits indexed.
Bleepingcomputer
CVE-2024-9164 [HIGH] · blogs_bleepingcomputer · 2024-10-10 · CVSS 7.3
## GitLab warns of critical arbitrary branch pipeline execution flaw
## Bill Toulas
GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw.
The vulnerability, which is tracked as CVE-2024-9164, allows unauthorized users to trigger Continuous Integration/Continuous Delivery (CI/CD) pipelines on any branch of a repository.
CI/CD pipelines are automated processes that perform tasks such as building, testing, and deploying code, normally available only to users with appropriate permissions.
An attacker capable of bypassing branch protections could potentially perform code execution or gain access to sensitive information.
The issue, which has received a CVSS v3.1
Bleepingcomputer
CVE-2024-6678 [HIGH] · blogs_bleepingcomputer · 2024-09-12 · CVSS 8.2
## GitLab warns of critical pipeline execution vulnerability
## Bill Toulas
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
The release is for versions 17.3.2, 17.2.5, and 17.1.7 for both GitLab Community Edition (CE) and Enterprise Edition (EE), and patches a total of 18 security issues as part of the bi-monthly (scheduled) security updates.
With a critical severity score of 9.9, the CVE-2024-6678 vulnerability could enable an attacker to execute environment stop actions as the owner of the stop action job.
The severity of the flaw comes from its potential for remote exploitation, lack of user interaction, and the low privileges requ
Checkpoint
CVE-2024-38112 · blogs_checkpoint · 2024-07-15
## 15th July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 15th July, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
American telecom giant AT&T has disclosed a massive data breach that exposed personal information of 110M of its customers. The data was stolen from the company’s workspace on a third-party cloud platform, referring to Snowflake. The leaked data allegedly includes the full metadata of all of AT&T mobile customers, which can be