mickmick.net

GitLab Multiple Vulnerabilities

Release Date: 13 Dec 2024

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit these vulnerabilities to trigger denial of service condition, cross-site scripting and sensitive information disclosure on the targeted system.

---

Impact

• Denial of Service
• Cross-Site Scripting
• Information Disclosure

---

System / Technologies affected

• GitLab Community Edition (CE) versions prior to 17.6.2, 17.5.4 and 17.4.6
• GitLab Enterprise Edition (EE) versions prior to 17.6.2, 17.5.4 and 17.4.6

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/

---

Vulnerability Identifier

• CVE-2024-8116
• CVE-2024-8179
• CVE-2024-8233
• CVE-2024-8647
• CVE-2024-8650
• CVE-2024-9367
• CVE-2024-9387
• CVE-2024-9633
• CVE-2024-10043
• CVE-2024-11274
• CVE-2024-12292
• CVE-2024-12570

---

Source

• GitLab

---

Related Link

• https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/