CVE-2024-7110

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/472603	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*

Configuration 2 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

11 Sep 2024, 16:52

Type	Values Removed	Values Added
First Time		Gitlab gitlab Gitlab
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/472603 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/472603 - Third Party Advisory
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:::::community:::*

23 Aug 2024, 16:18

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en GitLab EE que afecta a todas las versiones desde 17.0 a 17.1.6, 17.2 anterior a 17.2.4 y 17.3 anterior a 17.3.1, y permite a un atacante ejecutar comandos arbitrarios en la canalización de una víctima mediante inyección rápida.

22 Aug 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-22 16:15

Updated : 2024-09-11 16:52

NVD link : CVE-2024-7110

Mitre link : CVE-2024-7110

CVE.ORG link : CVE-2024-7110

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2024-7110", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2024-08-22T16:15:10.627", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/472603", "tags": ["Third Party Advisory"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 17.0 a 17.1.6, 17.2 anterior a 17.2.4 y 17.3 anterior a 17.3.1, y permite a un atacante ejecutar comandos arbitrarios en la canalizaci\u00f3n de una v\u00edctima mediante inyecci\u00f3n r\u00e1pida."}], "lastModified": "2024-09-11T16:52:37.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "AB3177CA-651B-437F-9E68-5FB2015A5702", "versionEndExcluding": "17.1.6", "versionStartIncluding": "17.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "77973797-7C54-4BBA-9BB7-A0E71BC6AB94", "versionEndExcluding": "17.2.4", "versionStartIncluding": "17.2.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C2925C28-DB06-4BAC-B765-CF3226A555BA", "versionEndExcluding": "17.3.1", "versionStartIncluding": "17.3.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "0ABAEB09-BEB2-4035-9041-DA84B8C331E5", "versionEndExcluding": "17.1.6", "versionStartIncluding": "17.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "E1DB1E17-ECEF-4040-BDA8-2E55F75BA266", "versionEndExcluding": "17.2.4", "versionStartIncluding": "17.2.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "0A8C02DB-1D57-4F63-B472-E7D5BC958EDB", "versionEndExcluding": "17.3.1", "versionStartIncluding": "17.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}