CVE-2024-9183

216.73.216.226

· Published 05/12/2025 17:16 · Modified 10/12/2025 05:15

Labels: CVE-2024-9183 2025-12-05 CVE-2024-9183 CWE-367 [email protected]

Essential information

Published: 05/12/2025 17:16
Modified: 10/12/2025 05:15
Author: —
Creator: —
CVSS: 7.7 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CVSS metrics

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.

NVD status

Status: Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`