CVE-2024-9512

Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

CVSS 5.3 MEDIUMEPSS 0.2%CWE-367

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 jun 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Productos afectados

GitLab · GitLab

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gitlab.com/gitlab-org/gitlab/-/issues/497748 https://hackerone.com/reports/2683469