CVE-2024-0231
low-risk
Published 2024-07-24
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
Do I need to act?
-
0.38% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.7/10
Low
NETWORK
/ LOW complexity
Affected Vendors
References (4)
Issue Tracking
https://gitlab.com/gitlab-org/gitlab/-/issues/437103
Permissions Required
https://hackerone.com/reports/2299337
Issue Tracking
https://gitlab.com/gitlab-org/gitlab/-/issues/437103
Permissions Required
https://hackerone.com/reports/2299337
25
/ 100
low-risk
Severity
14/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
10/34 · Low