CVE-2024-9512
Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
5.9
MEDIUM
CVSS 3.1
EPSS 0.04%
Description
An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for a private repository to be cloned in the case of a race condition when a secondary node is out of sync.
How to fix CVE-2024-9512
To remediate CVE-2024-9512, upgrade the affected package to a fixed version below.
- upgrade to 18.0.2 or later
Is CVE-2024-9512 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- versions from 0 (inclusive) up to, but not including, 18.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.9) | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |