Home > Vulnerability Database > CVE-2024-8311

Mend.io Vulnerability Database

CVE-2024-8311

Date: September 12, 2024

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

Language: Ruby

Severity Score

6.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8311

Url: https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/479315

Url: https://www.mend.io/vulnerability-database/CVE-2024-8311

Severity Score

6.5

Weakness Type (CWE)

Improper Protection of Alternate Path

CWE-424

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8311

Date: September 12, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?