CVE-2024-9387

MEDIUM

GitLab 11.8-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Open Redirect via Releases API Endpoint


Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-9387. PoCs published by hackerone_dug, hackerone_a0xnirudh.

AI-analyzed exploit summary: The repository contains only a generic GitLab README template with no exploit code, technical details, or references to CVE-2024-9387. It appears to be a placeholder or incorrectly labeled repository.

Description

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

Exploits (2)

gitlab STUB
by hackerone_dug · poc
https://gitlab.com/hackerone_dug/cve-2024-9387-bypass-test2

The repository contains only a generic GitLab README template with no exploit code, technical details, or references to CVE-2024-9387. It appears to be a placeholder or incorrectly labeled repository.

Classification
Stub 95%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 23, 2026
gitlab STUB
by hackerone_a0xnirudh · poc
https://gitlab.com/hackerone_a0xnirudh/cve-2024-9387-bypass-test2

The repository contains only a generic GitLab README template with no exploit code, technical details, or references to CVE-2024-9387. It appears to be a placeholder or incorrectly labeled repository.

Classification
Stub 100%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 23, 2026

References (2)

Core References (2)
https://gitlab.com/gitlab-org/gitlab/-/issues/496659 (Exploit, Issue Tracking, Vendor Advisory; permissions required)
https://hackerone.com/reports/2732235 (Technical Description, Exploit; permissions required)

Scores

CVSS v3 6.4
EPSS 0.0037
EPSS Percentile 28.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-601
Status published
Products (1)
gitlab/gitlab 11.8.0 - 17.4.6 (2 CPE variants)
Published Dec 12, 2024
Tracked Since Feb 18, 2026