CVE-2024-9183
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2024-9183, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-05

Last updated on: 2025-12-10

Assigner: GitLab Inc.

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-05
Last Modified
2025-12-10
Generated
2026-07-06
AI Q&A
2025-12-05
EPSS Evaluated
2026-07-04
NVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
gitlab gitlab From 18.4.0 (inc) to 18.4.5 (exc)
gitlab gitlab From 18.4.0 (inc) to 18.4.5 (exc)
gitlab gitlab From 18.5.0 (inc) to 18.5.3 (exc)
gitlab gitlab From 18.5.0 (inc) to 18.5.3 (exc)
gitlab gitlab From 18.6.0 (inc) to 18.6.1 (exc)
gitlab gitlab From 18.6.0 (inc) to 18.6.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in GitLab CE/EE versions before certain patches could allow an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.

Impact Analysis

An attacker who is an authenticated user could escalate their privileges by obtaining credentials of higher-privileged users, potentially allowing them to perform unauthorized actions within the system.

Mitigation Strategies

Upgrade GitLab CE/EE to versions 18.4.5, 18.5.3, 18.6.1 or later to remediate the vulnerability that allows an authenticated user to obtain credentials from higher-privileged users and perform actions in their context.

Compliance Impact

The vulnerability allows an authenticated user to obtain credentials from higher-privileged users and perform actions in their context, which could lead to unauthorized access to sensitive data. This type of unauthorized access and potential data exposure can negatively impact compliance with standards and regulations such as GDPR and HIPAA that require strict controls on data confidentiality and user access. Therefore, failing to patch this vulnerability could result in non-compliance with these regulations due to compromised confidentiality and integrity of sensitive information. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-9183. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart