CVE-2024-8402 LOW

CVE-2024-8402: Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

Vendor GitLab
Product GitLab
Weakness CWE-77
Published March 13, 2025
Last update March 13, 2025

CVSS base score

3.7/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, and all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code.

Key dates

02 Disclosure timeline

March 13, 2025 CVE published
March 13, 2025 Record updated