CVE-2024-8977

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-8977

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8977.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-8977

Aliases

BIT-gitlab-2024-8977

Published

2024-10-10T10:15:08Z

Modified

2025-03-31T19:59:08Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

defe6e7f8821c58e67a2e909ef8d36463d76e7e8

Fixed

91146650fd2d7d080662a536b1d04a5c96f451be