CVE-2024-9773

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI.

CVSS v3.0 8.0 HIGH

8.0^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/498557	Exploit Issue Tracking
https://hackerone.com/reports/2671808	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:17.10.0::::enterprise:::
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

13 Aug 2025, 01:20

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/498557 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/498557 - Exploit, Issue Tracking
References	~~() https://hackerone.com/reports/2671808 -~~	() https://hackerone.com/reports/2671808 - Permissions Required
First Time		Gitlab gitlab Gitlab
CPE		cpe:2.3:a:gitlab:gitlab:17.10.0::::enterprise::: cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.0

27 Mar 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-27 13:15

Updated : 2025-08-13 01:20

NVD link : CVE-2024-9773

Mitre link : CVE-2024-9773

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

8.0 /10