CVE-2024-6595

Summary

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab11.8 < 16.11.6affected
GitLabGitLab17.0 < 17.0.4affected
GitLabGitLab17.1 < 17.1.2affected

Weaknesses

  • CWE-451: CWE-451: User Interface (UI) Misrepresentation of Critical Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References