CVE-2024-7110

MEDIUM

Gitlab < 17.1.6 - Command Injection

Title source: rule

Description

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.

References (1)

[Third Party Advisory] https://gitlab.com/gitlab-org/gitlab/-/issues/472603

Scores

CVSS v3 6.4

EPSS 0.0010

EPSS Percentile 27.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Classification

CWE

CWE-77

Status published

Affected Products (2)

gitlab/gitlab < 17.1.6

Timeline

Published Aug 22, 2024

Tracked Since Feb 18, 2026