GitLab 12.5 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-9164)
Discription
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Gitlab reports: Run pipelines on arbitrary branches An attacker can impersonate arbitrary user SSRF in Analytics Dashboard Viewing diffs of MR with conflicts can be slow HTMLi in OAuth page Deploy Keys can push changes to an archived repository Guests can disclose project templates GitLab instance version disclosed to unauthorized users (CVE-2024-9164) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
References
Back to Main