CVE-2024-9870

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-9870

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9870.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-9870

Aliases

BIT-gitlab-2024-9870

Downstream

UBUNTU-CVE-2024-9870

Published

2025-02-12T16:15:42Z

Modified

2025-10-15T04:34:55Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

4dce6bc3728f63bc9086ff3088cda7527f6f0bec

Fixed

53bac28a6c50e5c1efa8b8d2520b24f32993682f