admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-9633.md

20 lines
1.0 KiB
Markdown
Raw Permalink Normal View History

Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
### [CVE-2024-9633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9633)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=16.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.5%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-708%3A%20Incorrect%20Ownership%20Assignment&color=brightgreen)
### Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.
### POC
#### Reference
- https://gitlab.com/gitlab-org/gitlab/-/issues/498257
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink