CVE-2024-9623
CVSS 3.1 Score 4.9 of 10 (medium)
Details
Summary
CVE-2024-9623 is a vulnerability in GitLab CE/EE that allows deploy keys to push to archived repositories. It affects all versions from 8.16 up to but not including 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. The flaw is rated medium: it requires high privileges, but it has low attack complexity and is potentially exploitable over the network without user interaction. The integrity impact is rated high, meaning unauthorized changes could be made to repository content, while no impact on confidentiality or availability is expected. Organizations using affected versions should remediate this vulnerability by updating their GitLab installations to the latest version that addresses this issue. For further details and updates on this vulnerability, refer to the official GitLab issue tracker.