CVE-2024-8977
Server-Side Request Forgery (SSRF) in GitLab
8.1
HIGH
CVSS 3.1
EPSS 0.06%
Description
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.
How to fix CVE-2024-8977
To remediate CVE-2024-8977, upgrade the affected package to a fixed version below.
- upgrade to 17.2.9, 17.3.5, or 17.4.2 (or later), whichever is the first fixed release on your release line
Is CVE-2024-8977 being exploited?
Low. EPSS is 0.06% (roughly 0.1%), meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 15.10.0, < 17.2.9
- >= 17.3.0, < 17.3.5
- >= 17.4.0, < 17.4.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (8.1) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |