216.73.217.64

CVE-2024-9163

· Published 23/05/2025 13:15 · Modified 23/05/2025 15:54

Labels: CVE-2024-9163 2025-05-23CVE-2024-9163CWE-451[email protected]

Essential information

Published
23/05/2025 13:15
Modified
23/05/2025 15:54
Author
Creator
CVSS
3.5 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CVSS metrics

Description

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
gitlab / gitlab ce cpe:2.3:a:gitlab:gitlab_ce:12.1:*:*:*:*:*:*:*
gitlab / gitlab ce cpe:2.3:a:gitlab:gitlab_ce:<17.10.7:*:*:*:*:*:*:*
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:12.1:*:*:*:*:*:*:*
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:<17.10.7:*:*:*:*:*:*:*
gitlab / gitlab ce cpe:2.3:a:gitlab:gitlab_ce:<17.11.3:*:*:*:*:*:*:*
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:<17.11.3:*:*:*:*:*:*:*
gitlab / gitlab ce cpe:2.3:a:gitlab:gitlab_ce:<18.0.1:*:*:*:*:*:*:*
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:<18.0.1:*:*:*:*:*:*:*

References