An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/472603 |
History
Wed, 11 Sep 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
Thu, 22 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gitlab
Gitlab gitlab |
|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
Metrics |
ssvc
|
Thu, 22 Aug 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. | |
Title | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab | |
Weaknesses | CWE-77 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-08-22T15:30:47.474Z
Updated: 2024-09-17T15:35:37.142Z
Reserved: 2024-07-25T13:30:43.896Z
Link: CVE-2024-7110
Vulnrichment
Updated: 2024-08-22T18:05:12.546Z
NVD
Status : Analyzed
Published: 2024-08-22T16:15:10.627
Modified: 2024-09-11T16:52:37.847
Link: CVE-2024-7110
Redhat
No data.