CVE-2024-9512

MEDIUM

Gitlab < 17.10.8 - TOCTOU Race Condition

Title source: rule

Description

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/497748

[Permissions Required] https://hackerone.com/reports/2683469

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 12.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-367

Status published

Products (1)

gitlab/gitlab < 17.10.8 (2 CPE variants)

Published Jun 12, 2025

Tracked Since Feb 18, 2026