CVE-2024-8311

Summary

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab17.2 < 17.2.5affected
GitLabGitLab17.3 < 17.3.2affected

Weaknesses

  • CWE-424: CWE-424: Improper Protection of Alternate Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References