cve/2024/CVE-2024-9633.md

### [CVE-2024-9633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9633)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=16.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.5%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-708%3A%20Incorrect%20Ownership%20Assignment&color=brightgreen)

### Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.

### POC

#### Reference
- https://gitlab.com/gitlab-org/gitlab/-/issues/498257

#### Github
No PoCs found on GitHub currently.