An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Dec 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 11 Oct 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. | |
Title | Missing Authentication for Critical Function in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-306 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-10-11T11:30:42.233Z
Updated: 2024-10-11T13:42:39.983Z
Reserved: 2024-09-24T19:03:57.448Z
Link: CVE-2024-9164
Vulnrichment
Updated: 2024-10-11T13:42:36.196Z
NVD
Status : Analyzed
Published: 2024-10-11T13:15:17.700
Modified: 2024-12-13T16:33:53.080
Link: CVE-2024-9164
Redhat
No data.