CVERadar

CVE-2024-6385

Critical Severity
Gitlab
SVRS: 87/100
CVSSv3: 9.8/10
EPSS: 0.00049/1

CVE-2024-6385 is a critical improper access control vulnerability (CWE-284) in GitLab CE/EE that, under certain circumstances, allows an attacker to trigger a pipeline as another user. It affects all versions from 15.8 before 16.11.6, from 17.0 before 17.0.4, and from 17.1 before 17.1.2; the fixes shipped in the 16.11.6, 17.0.4 and 17.1.2 patch releases, and GitLab.com and GitLab Dedicated were patched by the vendor. With a SOCRadar Vulnerability Risk Score (SVRS) of 87 it is rated critical, and self-managed instances should be upgraded without delay. The impact is severe because a pipeline runs with the permissions of the user it is attributed to: unauthorized pipeline execution can inject code into builds and deployments, expose data reachable from the pipeline, or disrupt service, compromising the integrity of the whole software development lifecycle. Two caveats apply when triaging. First, the 9.8 score shown here comes from the NVD vector (PR:N, S:U); the 9.6 figure quoted in some of the posts below corresponds to a different vector, so both numbers are in circulation for the same issue. Second, the "In The Wild" tag is derived from a social media signal that is explicitly marked as generated and not vetted, no IOCs or public exploits are listed on this page, and the EPSS score (0.00049) is very low; treat active exploitation as unconfirmed rather than established.
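
A practitioner's first triage step is to check whether each instance falls inside the ranges above. The Python checker below is an added example written for this page, not GitLab's own tooling; it encodes the three affected ranges from the description, parses version strings in the form GitLab reports them (for example the "version" field returned by GET /api/v4/version, such as "17.1.1-ee"), and runs over a constructed, made-up inventory.

```python
import re

# Affected ranges as [first affected, first fixed), taken from the advisory
# text on this page: 15.8 before 16.11.6, 17.0 before 17.0.4, 17.1 before 17.1.2.
AFFECTED_RANGES = (
    ((15, 8, 0), (16, 11, 6)),
    ((17, 0, 0), (17, 0, 4)),
    ((17, 1, 0), (17, 1, 2)),
)

# Optional leading 'v', major.minor[.patch], optional '-ee'/'-ce'/'+build' suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$")


def parse_version(text):
    """Turn a GitLab version string into a (major, minor, patch) tuple.

    Accepts the forms GitLab itself reports, e.g. '17.1.1-ee', '16.11.6',
    'v17.0.3'. Edition and build suffixes are ignored because CE and EE share
    version numbers and receive the same fix releases. Raises on anything
    unparsable rather than guessing, so a bad inventory entry is not silently
    classified as safe.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def fixed_version_for(text):
    """Return the first patched release for the range the instance sits in,
    or None when the version is outside every affected range."""
    v = parse_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def is_affected(text):
    return fixed_version_for(text) is not None


def triage(inventory):
    """Map {host: version} to {host: (affected, fix_or_None)}."""
    return {host: (is_affected(ver), fixed_version_for(ver))
            for host, ver in inventory.items()}


# Constructed sample inventory for the demo; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "gitlab-prod.example.internal": "17.1.1-ee",      # inside 17.1 range
    "gitlab-staging.example.internal": "17.0.4-ee",   # first fixed 17.0 release
    "gitlab-legacy.example.internal": "16.9.2-ce",    # inside the long 15.8..16.11.5 range
    "gitlab-eol.example.internal": "15.7.9-ce",       # below the advisory's range
    "gitlab-new.example.internal": "17.2.0-ee",       # released after the fix
}

if __name__ == "__main__":
    for host, (affected, fix) in triage(SAMPLE_INVENTORY).items():
        status = f"AFFECTED, upgrade to at least {fix}" if affected else "not in an affected range"
        print(f"{host:36} {SAMPLE_INVENTORY[host]:12} {status}")
```

The reported fix version is the target, not a single hop: the 15.8 to 16.11.5 range spans many minor releases, and an instance on 16.9 still has to follow GitLab's documented upgrade path with its required intermediate stops. Versions below 15.8 fall outside the advisory's stated range, which is not the same as being safe, since those lines are no longer maintained.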

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-07-11
2024-07-12

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

GitLab Critical Patch Release: 17.1.2, 17.0.4, 16.11.6
Rohit Shambhuni, 2025-04-01, gitlab.com
Today we are releasing versions 17.1.2, 17.0.4, 16.11.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important bug and security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com and GitLab Dedicated are already running the patched version. GitLab releases fixes for vulnerabilities in dedicated patch releases. There are two

GitLab Patch Release: 17.7.1, 17.6.3, 17.5.5
Greg Alfaro, 2025-03-01, gitlab.com
Today we are releasing versions 17.7.1, 17.6.3, 17.5.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab Dedicated customers do not need to take action. GitLab releases fixes for vulnerabilities

The Best, the Worst and the Ugliest in Cybersecurity | 2024 Edition
SentinelOne, 2024-12-27, sentinelone.com
Before we ring in the New Year, SentinelOne reviews and reflects on some of the most formative cyber news stories that occurred in 2024. It’s almost time to wave goodbye to the year that was 2024, and as we look ahead to 2025 and the challenges that might bring, now is a good time to reflect on the best, the worst and the ugliest cybersecurity

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
Ajit Jasrotia, 2024-10-11, allhackernews.com
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. “An issue was discovered in […] The post New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
(This item concerns CVE-2024-9164, a separate GitLab pipeline issue, not CVE-2024-6385.)

GitLab Alarms Users Again with a New CI/CD Pipeline Hijacking Flaw
agurdal, 2024-07-20 (translated from Turkish)
GitLab has recently been urging users to close, as quickly as possible, a critical security vulnerability that can affect continuous integration/continuous deployment (CI/CD) pipelines in the community and enterprise editions of the DevOps platform. A GitLab CI/CD pipeline makes developers' work much easier by automating the build, test and deployment steps of the software development process. However, this vulnerability, designated CVE-2024-6385, poses a serious threat by potentially giving attackers the ability to run a pipeline under any user's identity. According to Howard Goodman, senior technical director at Skybox Security, this flaw, a
Related CVEs: CVE-2024-5655, CVE-2024-6385

15th July – Threat Intelligence Report
hagarb, 2024-07-15, checkpoint.com
For the latest discoveries in cyber research for the week of 15th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American telecom giant AT&T has disclosed a massive data breach that exposed personal information of 110M of its customers. The data was stolen from the company’s workspace on a third-party cloud platform, […] The post 15th July – Threat Intelligence Report appeared first on

15th July – Threat Intelligence Report - Check Point Research
2024-07-15, google.com
For the latest discoveries in cyber research for the week of 15th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American telecom giant AT&T has disclosed a massive data breach that exposed personal information of 110M of its customers. The data was stolen from the company’s workspace on a third-party cloud platform, referring to Snowflake. The leaked data allegedly includes the full metadata of all of AT&T mobile customers, which can be used to find people’s close contacts. Pharmacy giant Rite Aid

Social Media

Actively exploited CVE ID, source in the thread (generated, not vetted) CVE-2024-6385

The latest update for #ArcticWolf includes "How To Stop MFA Fatigue Attacks" and "CVE-2024-6385: Critical Unauthorized Pipeline Job Vulnerability in GitLab". #cybersecurity #infosec #networks https://t.co/yhyVljouXr

(Translated from German) On July 10, 2024, GitLab issued a warning about a critical security vulnerability (CVE-2024-6385) in GitLab CE/EE that had been reported to them through a bug bounty program. Arctic Wolf's recommendations can be found here. #EndCyberRisk https://t.co/fRV9arUjMN

GitLab's latest security flaw: CVE-2024-6385. Imagine pipelines as neural pathways, now hijacked by rogue synapses. Upgrade immediately or risk your codebase becoming a cybernetic battleground. https://t.co/qDHBtReyeU

CVE-2024-6385: Improper Access Control in GitLab, 9.6 rating 🔥 The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.

On July 10, 2024, GitLab issued an advisory regarding a critical vulnerability (CVE-2024-6385) in GitLab CE/EE that had been reported to them through a bug bounty program. Find Arctic Wolf's recommendations: https://t.co/jgnrkxRMh9 #EndCyberRisk

🚨 Critical GitLab vulnerability alert! 🚨 Attackers can run pipeline jobs as any user due to CVE-2024-6385. Update to the latest versions ASAP to protect your CI/CD processes. Read more: https://t.co/eey1wfMKt4 #GitLab #CyberSecurity

(Translated from Portuguese) GitLab alerts users about a critical security flaw in its platform: the vulnerability, tracked as CVE-2024-6385, allows attackers to run pipeline jobs (the automated processes that build, test and deploy code) using the account of another

#GitLab Patches Critical #Vulnerability Which Allowed Attackers to run #pipeline jobs as an arbitrary user (CVE-2024-6385): 👇 https://t.co/GcCLjLLIYO https://t.co/sFYhIAqwJn

#GitLab releases critical patches (17.1.2, 17.0.4, 16.11.6) for multiple vulnerabilities. #CVE-2024-6385 allows arbitrary pipeline job execution. https://t.co/7N8eWypYAB

Affected Software

Configuration 1
Type: App
Vendor: Gitlab
Product: gitlab

References

GitLab issue: https://gitlab.com/gitlab-org/gitlab/-/issues/469217
HackerOne report: https://hackerone.com/reports/2578672

CWE Details

CWE-284 Improper Access Control: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
