CVE-2024-7110

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Aug 22, 2024 / Updated: 2mo ago

CVSS 6.4 / EPSS 0.04% / Medium

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1, which allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection.

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Timeline

First Article: Feedly found the first article mentioning CVE-2024-7110 (Aug 22, 2024 at 8:03 AM / Security feed from CyberSecurity Help)

CVSS Estimate: Feedly estimated the CVSS score as HIGH (Aug 22, 2024 at 4:00 PM)

Affected Systems

Gitlab/gitlab

Attack Patterns

CAPEC-136: LDAP Injection

References

GitLab Patch Release: 17.3.1, 17.2.4, 17.1.6
These versions contain important bug and security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection.

News

CVE-2024-7110
Medium Severity Description An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. Read more at https://www.tenable.com/cve/CVE-2024-7110
GitLab 17.1 < 17.1.6 / 17.2 < 17.2.4 / 17.3 < 17.3.1 (CVE-2024-7110)
Nessus Plugin ID 206118 with Medium Severity
Synopsis: The version of GitLab installed on the remote host is affected by a vulnerability.
Description: The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. (CVE-2024-7110) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution: Upgrade to GitLab version 17.1.6, 17.2.4, 17.3.1 or later.
Read more at https://www.tenable.com/plugins/nessus/206118
NA - CVE-2024-7110 - An issue was discovered in GitLab EE affecting...
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a...
gitlab CVE-2024-7110: Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab (CVE-2024-7110)
Development Last Updated: 8/22/2024 CVEs: CVE-2024-7110
CVE-2024-7110 - GitLab Command Injection
CVE ID : CVE-2024-7110 Published : Aug. 22, 2024, 4:15 p.m. 16 minutes ago Description : An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. Severity: 6.4 MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVSS V3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None
