Home > Vulnerability Database > CVE-2024-9773

Mend.io Vulnerability Database

CVE-2024-9773

Good to know:

Date: March 27, 2025

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI.

Severity Score

3.7

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-9773

Url: https://hackerone.com/reports/2671808

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/498557

Url: https://www.mend.io/vulnerability-database/CVE-2024-9773

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Top Fix

Upgrade Version

Upgrade to version https://gitlab.com/gitlab-org/gitlab.git - v17.8.6-ee;https://gitlab.com/gitlab-org/gitlab.git - v17.9.3-ee;https://gitlab.com/gitlab-org/gitlab.git - v17.10.1-ee

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-9773

Good to know:

Date: March 27, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?