An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
History
Tue, 17 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs |
Thu, 29 Aug 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
Thu, 08 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Gitlab, Gitlab gitlab | |
CPEs | cpe:2.3:a:gitlab:gitlab:-:*:*:*:-:*:*:* | |
Vendors & Products | Gitlab, Gitlab gitlab | |
Metrics | ssvc |
Thu, 08 Aug 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. | |
Title | Improper Control of Generation of Code ('Code Injection') in GitLab | |
Weaknesses | CWE-94 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-08-08T10:31:17.868Z
Updated: 2024-09-17T15:31:43.886Z
Reserved: 2024-04-18T16:02:31.685Z
Link: CVE-2024-3958
Vulnrichment
Updated: 2024-08-08T14:25:15.066Z
NVD
Status: Analyzed
Published: 2024-08-08T11:15:12.967
Modified: 2024-08-29T15:50:33.257
Link: CVE-2024-3958
Redhat
No data.