CVE-2024-8402
low-risk
Published 2025-03-13
An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code.
Do I need to act?
EPSS score: 0.09% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA.
Patch status unknown: Check vendor advisories for fix availability and mitigation guidance.
CVSS: 3.7/10 · Low · LOCAL / HIGH complexity
Affected Products (1)
Affected Vendors
References (2)
Permissions Required
https://hackerone.com/reports/2601569
15 / 100 · low-risk
Severity: 10/34 · Low
Exploitability: 0/34 · Minimal
Exposure: 5/34 · Minimal