CVE-2024-9387
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Dec 12, 2024
CWE ID 601
Summary
CVE-2024-9387 is a vulnerability affecting GitLab CE/EE versions 11.8 to 17.6.1. An attacker can exploit this issue by performing an open redirect against the releases API endpoint, potentially leading to unintended redirection to malicious websites. This vulnerability exists in all versions of GitLab prior to 17.4.6, 17.5.4, and 17.6.2. Users are advised to update their GitLab installations as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- GitLab
Affected Vendors
- GitLab Inc.