CVE-2024-5528
CVSS 3.1 Score 3.5 of 10 (low)
Details
Published Feb 5, 2025
CWE ID 1023
Summary
CVE-2024-5528 is a vulnerability affecting GitLab CE/EE in versions prior to 16.11.6, 17.0 versions prior to 17.0.4, and 17.1 versions prior to 17.1.2. The issue enables subdomain takeovers on GitLab Pages, allowing an attacker to gain control of a GitLab subdomain and potentially impersonate the affected organization. An attacker could use this vulnerability to redirect traffic to malicious sites or perform phishing attacks. GitLab has released patches to address this issue, and users are strongly encouraged to apply the updates to protect against potential attacks.
Affected Products
- GitLab
Affected Vendors
- GitLab Inc.