CVE-2024-8970
HIGHGitLab 11.6-17.2.8, 17.3-17.3.4, 17.4-17.4.1 - Incorrect Authorization
Title source: llmDescription
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
References (2)
Core 2
Core References
Broken Link issue-tracking
permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/490916
Permissions Required technical-description
exploit
permissions-required
https://hackerone.com/reports/2724948
Scores
CVSS v3
8.2
EPSS
0.0007
EPSS Percentile
20.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-863
Status
published
Products (1)
gitlab/gitlab
11.6.0 - 17.2.9 (2 CPE variants)
Published
Oct 11, 2024
Tracked Since
Feb 18, 2026