CVE-2024-9633
LOWDescription
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
References
Frequently Asked Questions
What is CVE-2024-9633? +
How severe is CVE-2024-9633? +
What products are affected by CVE-2024-9633? +
How do I check if I'm vulnerable to CVE-2024-9633? +
Related Vulnerabilities
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained …
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a …
Under certain conditions, access to service libraries is granted to account they should not have access to.
IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper …
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user …
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network …