Home > Vulnerability Database > CVE-2024-8402

Mend.io Vulnerability Database

CVE-2024-8402

Date: March 13, 2025

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code.

Severity Score

3.7

Related Resources (4)

Url: https://hackerone.com/reports/2601569

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8402

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/482813

Url: https://www.mend.io/vulnerability-database/CVE-2024-8402

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8402

Date: March 13, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?