CVE-2024-8311

MEDIUM

GitLab EE <17.2.5-17.3.2 - Auth Bypass

Title source: llm
STIX 2.1

Description

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0054
EPSS Percentile 41.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-424
Status published
Products (1)
gitlab/gitlab 17.2.0 - 17.2.5
Published Sep 12, 2024
Tracked Since Feb 18, 2026