CVE-2024-3958
MEDIUMGitLab < 17.0.6, 17.1 < 17.1.4, 17.2 < 17.2.2 - Code Injection via Repository Display Discrepancy
Title source: llmDescription
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
References (2)
Core 2
Core References
Broken Link issue-tracking
permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/456988
Permissions Required technical-description
exploit
permissions-required
https://hackerone.com/reports/2437784
Scores
CVSS v3
5.3
EPSS
0.0010
EPSS Percentile
27.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
gitlab/gitlab
< 17.0.6 (2 CPE variants)
Published
Aug 08, 2024
Tracked Since
Feb 18, 2026