An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.
History

Fri, 13 Dec 2024 17:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 11 Oct 2024 11:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.
Title Missing Authentication for Critical Function in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-306
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-10-11T11:30:42.233Z

Updated: 2024-10-11T13:42:39.983Z

Reserved: 2024-09-24T19:03:57.448Z

Link: CVE-2024-9164

cve-icon Vulnrichment

Updated: 2024-10-11T13:42:36.196Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-11T13:15:17.700

Modified: 2024-12-13T16:33:53.080

Link: CVE-2024-9164

cve-icon Redhat

No data.