Race Condition Vulnerability in GitLab EE Affecting Multiple Versions
CVE-2024-9512

5.3 MEDIUM

Key Information:

Vendor: GitLab

Status
Vendor
CVE Published: 12 June 2025

What is CVE-2024-9512?

A race condition vulnerability was identified in GitLab EE that affects all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. If there is a synchronization problem with a secondary node, a private repository could potentially be cloned. This is a risk of unauthorized access to sensitive data, and it underscores the importance of keeping software updated to mitigate such vulnerabilities.

Affected Version(s)

GitLab 0 < 17.10.8

GitLab 17.11 < 17.11.4

GitLab 18.0 < 18.0.2

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [hdtran](https://hackerone.com/hdtran) for reporting this vulnerability through our HackerOne bug bounty program.