RCE in Gitlab
CVE-2024-8402
An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM i…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.002 (13.5th percentile).
CVSS v3 metric
CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N.
Affected products
- GitLab EE — versions from 17.2 before 17.7.7, from 17.8 before 17.8.5, and from 17.9 before 17.9.2
Weakness classification (CWE)
References
- cve@gitlab.com (Issue Tracking, Exploit, Permissions Required)
- cve@gitlab.com (Technical Description, Exploit, Permissions Required)
Frequently asked questions
- What is CVE-2024-8402?
- CVE-2024-8402 is a low-severity vulnerability in Gitlab, classified under Command Injection. CVSS score: 3.7/10. Published 2025-03-13.
- How severe is CVE-2024-8402?
- Low severity. CVSS v3 base score is 3.7 out of 10.