Attacker can trigger pipeline as another user

CVE-2024-5655
9.6CRITICAL

Key Information

Vendor
Gitlab
Status
Gitlab
Vendor
CVE Published:
27 June 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.

Affected Version(s)

GitLab < 16.11.5

GitLab < 17.0.3

GitLab < 17.1.1

News Articles

favicon image

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

The bug is similar — but not identical — to a critical flaw GitLab patched just two weeks ago.

4 months ago

favicon imageSC Media

Over a dozen GitLab vulnerabilities addressed

Most severe of the addressed flaws is a critical bug in GitLab CE/EE versions newer than 15.8, 17.0, and 17.1, tracked as CVE-2024-5655, which could be leveraged to facilitate automated execution of a pipeline upon the automated re-targeting of a merge request.

4 months ago

favicon image

Critical GitLab Bug Threatens Software Development Pipelines

The company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance.

5 months ago

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit exists.

  • Risk change from: 8.8 to: 9.6 - (CRITICAL)

  • First article discovered by The Hacker News

  • Risk change from: null to: 9.6 - (CRITICAL)

  • Vulnerability published.

Collectors

NVD DatabaseMitre Database0 Proof of Concept(s)4 News Article(s)

Credit

Thanks [ahacker1](https://hackerone.com/ahacker1) for reporting this vulnerability through our HackerOne bug bounty program
.