CVE-2024-9870

MEDIUM

GitLab 15.11-17.6.5, 17.7-17.7.4, 17.8-17.8.2 - Server-Side Request Forgery

Title source: llm
STIX 2.1

Description

An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.

References (2)

Core 2
Core References
Exploit, Issue Tracking issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/498911
Permissions Required technical-description exploit permissions-required
https://hackerone.com/reports/2734142

Scores

CVSS v3 4.3
EPSS 0.0037
EPSS Percentile 28.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-441 CWE-918
Status published
Products (1)
gitlab/gitlab 15.11.0 - 17.6.5
Published Feb 12, 2025
Tracked Since Feb 18, 2026