cvedb.io
CVE-2024-8970
HIGH · CVSS 8.2
EPSS exploitation probability: 0%
Published 2024-10-11T13:15:17.270 · Last modified 2026-06-17T08:23:39.393

Summary

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.

Affected products

gitlab — gitlab

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.