{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-8311","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2024-08-29T15:02:14.402Z","datePublished":"2024-09-12T18:27:24.446Z","dateUpdated":"2024-09-13T14:17:38.422Z"},"containers":{"cna":{"title":"Improper Protection of Alternate Path in GitLab","descriptions":[{"lang":"en","value":"An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template."}],"affected":[{"vendor":"GitLab","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"versions":[{"version":"17.2","status":"affected","lessThan":"17.2.5","versionType":"semver"},{"version":"17.3","status":"affected","lessThan":"17.3.2","versionType":"semver"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-424: Improper Protection of Alternate Path","cweId":"CWE-424","type":"CWE"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/479315","name":"GitLab Issue #479315","tags":["issue-tracking","permissions-required"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"solutions":[{"lang":"en","value":"Upgrade to versions 17.2.5, 17.3.2 or above."}],"credits":[{"lang":"en","value":"This vulnerability has been discovered internally by GitLab team member Andy Schoenen","type":"finder"}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2024-09-12T18:27:24.446Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-12T18:45:43.633943Z","id":"CVE-2024-8311","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T18:46:30.543Z"}},{"title":"CVE Program Container","references":[{"url":"https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-09-13T14:17:38.422Z"}}]}}