Home > Vulnerability Database > CVE-2024-9164

Mend.io Vulnerability Database

CVE-2024-9164

Date: October 11, 2024

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.

Language: Ruby

Severity Score

9.6

Related Resources (5)

Url: https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/493946

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-9164

Url: https://hackerone.com/reports/2711204

Url: https://www.mend.io/vulnerability-database/CVE-2024-9164

Severity Score

9.6

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

CVSS v3.1

Base Score:	9.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-9164

Date: October 11, 2024

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?