CVE-2024-9387

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Dec 12, 2024
CWE ID 601

Summary

CVE-2024-9387 is a vulnerability affecting GitLab CE/EE versions 11.8 to 17.6.1. An attacker can exploit this issue by performing an open redirect against the releases API endpoint, potentially leading to unintended redirection to malicious websites. This vulnerability exists in all versions of GitLab prior to 17.4.6, 17.5.4, and 17.6.2. Users are advised to update their GitLab installations as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share