{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-9512","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2024-10-04T06:02:21.940Z","datePublished":"2025-06-12T14:02:55.123Z","dateUpdated":"2025-06-12T14:13:37.117Z"},"containers":{"cna":{"title":"Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab","descriptions":[{"lang":"en","value":"An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync."}],"affected":[{"vendor":"GitLab","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","status":"affected","lessThan":"17.10.8","versionType":"semver"},{"version":"17.11","status":"affected","lessThan":"17.11.4","versionType":"semver"},{"version":"18.0","status":"affected","lessThan":"18.0.2","versionType":"semver"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","cweId":"CWE-367","type":"CWE"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/497748","name":"GitLab Issue #497748","tags":["issue-tracking","permissions-required"]},{"url":"https://hackerone.com/reports/2683469","name":"HackerOne Bug Bounty Report #2683469","tags":["technical-description","exploit","permissions-required"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"solutions":[{"lang":"en","value":"Upgrade to versions 17.10.8, 17.11.4, 18.0.2 or above."}],"credits":[{"lang":"en","value":"Thanks [hdtran](https://hackerone.com/hdtran) for reporting this vulnerability through our HackerOne bug bounty program","type":"finder"}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2025-06-12T14:02:55.123Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-12T14:12:49.948999Z","id":"CVE-2024-9512","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-12T14:13:37.117Z"}}]}}