CVE-2024-0231 LOW

CVE-2024-0231: Improper Control of Resource Identifiers ('Resource Injection') in GitLab

Vendor GitLab
Product GitLab
Weakness CWE-99
Published July 24, 2024
Last update August 29, 2024

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

A resource misdirection vulnerability in GitLab CE/EE, affecting versions from 12.0 before 17.0.5, from 17.1 before 17.1.3, and from 17.2 before 17.2.1, allows an attacker to craft a repository import in such a way as to misdirect commits.

Key dates

02 Disclosure timeline

July 24, 2024 CVE published
August 29, 2024 Record updated