CVE-2024-9870
4.3MEDIUMAn external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from th
Published: 2/12/2025Updated: 8/6/2025
Description
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.
AI AnalysisPowered by AI
Affected Products
gitlabgitlab
gitlabgitlab
gitlabgitlab
References
- https://gitlab.com/gitlab-org/gitlab/-/issues/498911ExploitIssue Tracking
- https://hackerone.com/reports/2734142Permissions Required