Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-9870
CVE-2024-9870:
GitLab vulnerability analysis and mitigation
Overview
An external service interaction vulnerability was identified in GitLab Enterprise Edition (EE), tracked as CVE-2024-9870. The vulnerability affects all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. This security issue was disclosed on February 12, 2025 (NVD, Ubuntu).
Technical details
The vulnerability is classified as a Server-Side Request Forgery (SSRF) vulnerability via Workspaces that enables attackers to send requests from the GitLab server to unintended services. It specifically affects GitLab Enterprise Edition and not the Community Edition (Security Online, Ubuntu).
Impact
When exploited, this vulnerability allows attackers to make the GitLab server send requests to unintended services, potentially leading to unauthorized access to internal resources or services (NVD).
Mitigation and workarounds
GitLab has addressed this vulnerability by releasing patched versions. Users are advised to upgrade to versions 17.6.5, 17.7.4, or 17.8.2 or later to mitigate the security risk (Security Online).
Additional resources
Source: This report was generated using AI
Related GitLab vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management