CVE-2024-9623

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Oct 10, 2024
CWE ID 863

Summary

CVE-2024-9623 is a vulnerability in GitLab CE/EE that allows deploy keys to push to archived repositories. It affects all versions from 8.16 up to but not including 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. The flaw is rated medium: it requires high privileges, but attack complexity is low and it is exploitable over the network without user interaction. The integrity impact is rated high, since unauthorized changes could be made to repository content, while no impact on confidentiality or availability is expected. Organizations running affected versions should remediate by updating their GitLab installations to the latest version that addresses this issue. Further details and updates are available on the official GitLab issue tracker.
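A triage check for the affected ranges above, written as an added example (not GitLab's or this page's code): it decides whether an instance version falls in an affected range and, if so, lists archived projects that still carry a push-capable deploy key. The inventory shape is an assumption: project fields `archived` and `path_with_namespace` merged with a nested `deploy_keys` list holding each key's `title` and `can_push`, as an export from the projects and deploy keys APIs might be combined; the sample data is constructed.

```python
import re

# Affected ranges from the summary: (first affected, first fixed) per branch.
AFFECTED = [
    ((8, 16, 0), (17, 2, 9)),
    ((17, 3, 0), (17, 3, 5)),
    ((17, 4, 0), (17, 4, 2)),
]

def parse_version(text):
    """Parse '17.3.4-ee' or '17.4' into a (major, minor, patch) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(version):
    """True if the version lies inside any affected range (upper bound excluded)."""
    v = parse_version(version)
    return any(low <= v < fixed for low, fixed in AFFECTED)

def exposed_projects(version, projects):
    """Return (project, key title) pairs for archived projects whose deploy
    keys have write access, but only when the instance version is affected."""
    if not is_affected(version):
        return []
    return [
        (p["path_with_namespace"], k["title"])
        for p in projects if p.get("archived")
        for k in p.get("deploy_keys", []) if k.get("can_push")
    ]

# Constructed sample inventory (assumed merged export, not real data).
SAMPLE = [
    {"path_with_namespace": "ops/legacy-billing", "archived": True,
     "deploy_keys": [{"title": "ci-mirror", "can_push": True},
                     {"title": "read-only-backup", "can_push": False}]},
    {"path_with_namespace": "ops/live-api", "archived": False,
     "deploy_keys": [{"title": "deployer", "can_push": True}]},
    {"path_with_namespace": "ops/old-docs", "archived": True, "deploy_keys": []},
]

if __name__ == "__main__":
    for v in ("17.2.8", "17.2.9", "17.3.5-ee", "17.4.1"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(exposed_projects("17.4.1-ee", SAMPLE))
```

Keys reported here are candidates for having write access revoked or being removed from the archived project until the instance is upgraded.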
