Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2024-9163

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.

  • Published: May 23, 2025
  • Updated: Aug 9, 2025
  • CVE: CVE-2024-9163
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

Software From Fixed in
gitlab / gitlab 18.0.0 18.0.0.x
gitlab / gitlab 17.11.0 17.11.3
gitlab / gitlab 12.1.0 17.10.7