CVE-2024-7110

Summary

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab17.1 < 17.1.6affected
GitLabGitLab17.2 < 17.2.4affected
GitLabGitLab17.3 < 17.3.1affected

Weaknesses

  • CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References