CVE-2024-9512

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-9512

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9512.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-9512

Aliases

BIT-gitlab-2024-9512

Published

2025-06-12T14:02:55.123Z

Modified

2026-04-10T05:19:56.219595Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

Details

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9512.json",
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-367"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

Fixed

66f725cc002c2eee98e0cfee8521025dd7a4eb6e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "17.10.8"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

b7c061ce59a5eca5c5764fcf61be8a5103fb7d55

Fixed

eb2929592bc8e3c7b766d886766a098f10b33eb1

Database specific

{
    "versions": [
        {
            "introduced": "17.11"
        },
        {
            "fixed": "17.11.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

504fd9e5236e13d674e051c6b8a1e9892b371c58

Fixed

073fca15cf94474af5984eda431aefd84307ec03

Database specific

{
    "versions": [
        {
            "introduced": "18.0"
        },
        {
            "fixed": "18.0.2"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v1.*

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v17.*

v17.10.0-ee

v17.10.0-rc42-ee

v17.10.2-ee

v17.10.3-ee

v17.11.0-ee

v18.*

v18.0.0-ee

v2.*

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.5.0-ee

v6.6.0-ee

v6.7.0-ee

v6.7.0.rc1-ee

v6.8.0-ee

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9512.json"