CVE-2024-8311
Improper Protection of Alternate Path in GitLab
6.5
MEDIUM
CVSS 3.1
EPSS 0.04%
Description
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5 and from 17.3 prior to 17.3.2, which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
How to fix CVE-2024-8311
To remediate CVE-2024-8311, upgrade the affected package to a fixed version below.
- Upgrade to 17.2.5 or later (for 17.3.x installations, 17.3.2 or later)
Is CVE-2024-8311 being exploited?
Low. EPSS is 0.04%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- GitLab EE: >= 17.2.0, < 17.2.5; >= 17.3.0, < 17.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |