What is CVE-2024-8311?

CVE-2024-8311 is a medium-severity vulnerability in Gitlab, classified under CWE-424. CVSS score: 6.5/10. Published 2024-09-12.

How severe is CVE-2024-8311?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Gitlab

CVE-2024-8311

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD…

EPSS: 0.000 (13.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Gitlab — versions 17.2, 17.3

Weakness classification (CWE)

CWE-424

References

GitLab Issue #479315 (issue-tracking, permissions-required)

Frequently asked questions

What is CVE-2024-8311?: CVE-2024-8311 is a medium-severity vulnerability in Gitlab, classified under CWE-424. CVSS score: 6.5/10. Published 2024-09-12.
How severe is CVE-2024-8311?: Medium severity. CVSS v3 base score is 6.5 out of 10.