CVE-2024-2434

high-risk
Published 2024-04-25

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.

Do I need to act?

!
11.2% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.5/10 High
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Gitlab

References (4)

Exploit https://gitlab.com/gitlab-org/gitlab/-/issues/450303
Permissions Required https://hackerone.com/reports/2401952
Exploit https://gitlab.com/gitlab-org/gitlab/-/issues/450303
Permissions Required https://hackerone.com/reports/2401952
50
/ 100
high-risk
Severity 29/34 · Critical
Exploitability 11/34 · Low
Exposure 10/34 · Low