CVERadar

CVE-2024-0231

Severity: Medium
Vendor: GitLab
SVRS: 30/100
CVSSv3: 2.7/10
EPSS: 0.00103/1

CVE-2024-0231 is a resource misdirection vulnerability in GitLab that can allow an attacker to manipulate repository imports. GitLab CE/EE versions before 17.0.5, 17.1.3, and 17.2.1 are affected. An attacker can craft a malicious repository import that misdirects commits, potentially leading to code injection or other unauthorized actions. The CVSS score of 2.7 indicates low severity, but organizations running GitLab should still investigate because the CVE carries the 'In The Wild' tag, and SOCRadar's SVRS of 30 suggests the real-world risk is higher than the CVSS score alone indicates. The vulnerability is categorized as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, 'Injection'); it warrants patching and a careful review of repository import processes to prevent exploitation and preserve code integrity. Even seemingly minor vulnerabilities matter because they can be chained with others into larger attacks.

Tags: In The Wild
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N (network-reachable, low complexity, high privileges required, no user interaction, unchanged scope, low integrity impact only)
Published: 2024-07-24
Last modified: 2024-09-11

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

GitLab Patch Release: 17.2.1, 17.1.3, 17.0.5
Greg Alfaro, 2025-04-01 (gitlab.com)
Today we are releasing versions 17.2.1, 17.1.3, 17.0.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important bug and security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab releases fixes for vulnerabilities in dedicated patch releases. There are two types of patch releases
GitLab Patched XSS Vulnerability that Lets Attackers to Execute Arbitrary Code
Dhivya, 2024-07-25
GitLab has released new Community Edition (CE) and Enterprise Edition (EE) versions to address multiple vulnerabilities. Among these, a high-severity cross-site scripting (XSS) vulnerability has garnered particular attention due to its potential to allow attackers to execute arbitrary code. Summary of the Update On July 25, 2024, GitLab announced the release of versions 17.2.1, 17.1.3, […]
Related CVEs: CVE-2024-0231, CVE-2024-7057, CVE-2024-5067

Social Media

🚨 CVE-2024-0231: GitLab CE/EE up to 17.0.4/17.1.2/17.2.0 vulnerable to resource injection. Improper control of resource IDs could lead to remote attacks. Upgrade affected versions immediately to mitigate risks. #CyberSecurity #InformationSecurity

Affected Software

Configuration 1
Type: App
Vendor: GitLab
Product: gitlab

References

https://gitlab.com/gitlab-org/gitlab/-/issues/437103
https://hackerone.com/reports/2299337

CWE Details

CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
