GitLab Disclosure: Security Vulnerability in Web Application and Git Command Line Interface

CVE-2024-3958

6.5MEDIUM

Key Information

Vendor
Gitlab
Status
Gitlab
Vendor
CVE Published:
8 August 2024

Summary

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.

Affected Version(s)

GitLab < 17.0.6

GitLab < 17.1.4

GitLab < 17.2.2

Refferences

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Thanks [st4nly0n](https://hackerone.com/st4nly0n) for reporting this vulnerability through our HackerOne bug bounty program
.