CVE-2024-9512

Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

CVSS 5.3 MEDIUMEPSS 0.2%CWE-367

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 Jun 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

GitLab · GitLab

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gitlab.com/gitlab-org/gitlab/-/issues/497748 https://hackerone.com/reports/2683469