CVE-2024-9183
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-05

Last updated on: 2025-12-10

Assigner: GitLab Inc.

Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-05
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-14
NVD
CVE-2024-9183
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
gitlab gitlab From 18.4.0 (inc) to 18.4.5 (exc)
gitlab gitlab From 18.4.0 (inc) to 18.4.5 (exc)
gitlab gitlab From 18.5.0 (inc) to 18.5.3 (exc)
gitlab gitlab From 18.5.0 (inc) to 18.5.3 (exc)
gitlab gitlab From 18.6.0 (inc) to 18.6.1 (exc)
gitlab gitlab From 18.6.0 (inc) to 18.6.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows an authenticated user to obtain credentials from higher-privileged users and perform actions in their context, which could lead to unauthorized access to sensitive data. This type of unauthorized access and potential data exposure can negatively impact compliance with standards and regulations such as GDPR and HIPAA that require strict controls on data confidentiality and user access. Therefore, failing to patch this vulnerability could result in non-compliance with these regulations due to compromised confidentiality and integrity of sensitive information. [1]

Executive Summary

This vulnerability in GitLab CE/EE versions before certain patches could allow an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.

Impact Analysis

An attacker who is an authenticated user could escalate their privileges by obtaining credentials of higher-privileged users, potentially allowing them to perform unauthorized actions within the system.

Mitigation Strategies

Upgrade GitLab CE/EE to versions 18.4.5, 18.5.3, 18.6.1 or later to remediate the vulnerability that allows an authenticated user to obtain credentials from higher-privileged users and perform actions in their context.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-9183. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart