mickmick.net

GitLab Multiple Vulnerabilities

Release Date: 13 Sep 2024

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, spoofing, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Denial of Service
• Elevation of Privilege
• Security Restriction Bypass
• Information Disclosure
• Spoofing

---

System / Technologies affected

• GitLab Community Edition (CE) versions prior to 17.3.2, 17.2.5 and 17.1.7
• GitLab Enterprise Edition (EE) versions prior to 17.3.2, 17.2.5 and 17.1.7

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/

---

Vulnerability Identifier

• CVE-2024-2743
• CVE-2024-4283
• CVE-2024-4472
• CVE-2024-4612
• CVE-2024-4660
• CVE-2024-5435
• CVE-2024-6389
• CVE-2024-6446
• CVE-2024-6678
• CVE-2024-6685
• CVE-2024-8124
• CVE-2024-8311
• CVE-2024-8631
• CVE-2024-8635
• CVE-2024-8640
• CVE-2024-8641

---

Source

• GitLab

---

Related Link

• https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/