CVE-2024-9633: Incorrect Ownership Assignment in GitLab

3.1 CVSS

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.

Classification

CVE ID: CVE-2024-9633

CVSS Base Severity: LOW

CVSS Base Score: 3.1

Affected Products

Vendor: GitLab

Product: GitLab

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 19.3% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://gitlab.com/gitlab-org/gitlab/-/issues/498257
https://hackerone.com/reports/2759470

Timeline

2024-12-07 00:31:29 UTC
CVE

Incorrect Ownership Assignment in GitLab