CVE-2024-6678

CRITICAL

GitLab CE/EE <17.1.7-17.3.2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-6678. PoCs published by FaLLenSKiLL1.

AI-analyzed exploit summary The repository contains a functional Python exploit for CVE-2024-6678, which allows a GitLab Developer to trigger pipeline schedules owned by higher-privileged users, potentially leaking sensitive variables. The PoC includes both REST and GraphQL exploitation paths, as well as a protected-ref bypass technique.

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.

Exploits (1)

github WORKING POC 1 stars

by FaLLenSKiLL1 · pythonpoc

https://github.com/FaLLenSKiLL1/CVE-2024-6678

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2024-6678, which allows a GitLab Developer to trigger pipeline schedules owned by higher-privileged users, potentially leaking sensitive variables. The PoC includes both REST and GraphQL exploitation paths, as well as a protected-ref bypass technique.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: GitLab CE/EE 8.14 – 17.1.6 / 17.2.4 / 17.3.1

Auth required

Prerequisites: GitLab Developer access · Target project with pipeline schedules · Schedule on unprotected branch or legacy ref

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed May 21, 2026 Full analysis →

References (3)

Core 3

Core References

Release Notes

https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/

Broken Link issue-tracking permissions-required

https://gitlab.com/gitlab-org/gitlab/-/issues/471923

Permissions Required technical-description exploit permissions-required

https://hackerone.com/reports/2595495

Scores

CVSS v3 9.9

EPSS 0.0200

EPSS Percentile 78.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-290

Status published

Products (1)

gitlab/gitlab 8.14.0 - 17.1.7 (2 CPE variants)

Published Sep 12, 2024

Tracked Since Feb 18, 2026