CVE-2024-9183
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-05

Last updated on: 2025-12-10

Assigner: GitLab Inc.

Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-05
Last Modified
2025-12-10
Generated
2026-05-27
AI Q&A
2025-12-05
EPSS Evaluated
2026-05-25
NVD
CVE-2024-9183
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
gitlab gitlab From 18.4.0 (inc) to 18.4.5 (exc)
gitlab gitlab From 18.4.0 (inc) to 18.4.5 (exc)
gitlab gitlab From 18.5.0 (inc) to 18.5.3 (exc)
gitlab gitlab From 18.5.0 (inc) to 18.5.3 (exc)
gitlab gitlab From 18.6.0 (inc) to 18.6.1 (exc)
gitlab gitlab From 18.6.0 (inc) to 18.6.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in GitLab CE/EE versions before certain patches could allow an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.


How can this vulnerability impact me? :

An attacker who is an authenticated user could escalate their privileges by obtaining credentials of higher-privileged users, potentially allowing them to perform unauthorized actions within the system.


What immediate steps should I take to mitigate this vulnerability?

Upgrade GitLab CE/EE to versions 18.4.5, 18.5.3, 18.6.1 or later to remediate the vulnerability that allows an authenticated user to obtain credentials from higher-privileged users and perform actions in their context.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows an authenticated user to obtain credentials from higher-privileged users and perform actions in their context, which could lead to unauthorized access to sensitive data. This type of unauthorized access and potential data exposure can negatively impact compliance with standards and regulations such as GDPR and HIPAA that require strict controls on data confidentiality and user access. Therefore, failing to patch this vulnerability could result in non-compliance with these regulations due to compromised confidentiality and integrity of sensitive information. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart