CVE-2024-9512

MEDIUM

Gitlab < 17.10.8 - TOCTOU Race Condition

Title source: rule

Description

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/497748

[Permissions Required] https://hackerone.com/reports/2683469

Scores

CVSS v3 5.3

EPSS 0.0001

EPSS Percentile 2.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-367

Status published

Affected Products (2)

gitlab/gitlab < 17.10.8

Timeline

Published Jun 12, 2025

Tracked Since Feb 18, 2026