GitLab CE/EE Critical RCE (CVE-2024-9693) Allows Unauthorized Kubernetes Access

2024-11-26

A critical vulnerability (CVE-2024-9693) has been identified in GitLab CE/EE versions 16.0 to 17.3.6, 17.4 to 17.4.3, and 17.5 to 17.5.1. This vulnerability could grant unauthorized access to the Kubernetes agent within a cluster under specific configurations.

Vulnerability Information

Platform: GitLab CE/EE
Version: 16.0 to 17.3.6, 17.4 to 17.4.3, 17.5 to 17.5.1 (Fixed in 17.3.7, 17.4.4, 17.5.2)
Vulnerability: Unauthorized access to Kubernetes agent (CVE-2024-9693)
Severity: High (CVSS score: 8.5)
Date: November 14, 2024 (Discovered), November 25, 2024 (NVD Last Modified)

What Undercode Says:

This vulnerability is critical and could allow attackers to gain unauthorized access to your GitLab cluster’s Kubernetes agent. It’s important to update to GitLab versions 17.3.7, 17.4.4, or 17.5.2 immediately to mitigate this risk.
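
To act on the version ranges listed above, an inventory of GitLab instances can be checked against them. This is an added example, not code from GitLab or from this advisory; the function names are hypothetical and the host names and version strings in `SAMPLE_INVENTORY` are constructed.

```python
import re

# (first affected, last affected, fixed release), as listed in the advisory
AFFECTED = [
    ((16, 0, 0), (17, 3, 6), (17, 3, 7)),
    ((17, 4, 0), (17, 4, 3), (17, 4, 4)),
    ((17, 5, 0), (17, 5, 1), (17, 5, 2)),
]
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")

# Constructed sample inventory: hypothetical hosts and version strings.
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "17.3.6-ee",
    "gitlab-b.example.internal": "17.3.10-ee",
    "gitlab-c.example.internal": "v17.4.2",
    "gitlab-d.example.internal": "17.5.2",
    "gitlab-e.example.internal": "16.11.10-ee",
    "gitlab-f.example.internal": "unknown-build",
}

def parse_version(text):
    """Turn '17.3.6-ee', 'v17.4.2' or '17.5' into (major, minor, patch)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def fixed_release_for(text):
    """Return the advisory's fixed release for an affected version, else None."""
    v = parse_version(text)  # integer tuples, so 17.3.10 sorts after 17.3.6
    for first, last, fixed in AFFECTED:
        if first <= v <= last:
            return ".".join(map(str, fixed))
    return None

def triage(inventory):
    """Map each host to an upgrade target, 'not in affected range' or 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            fixed = fixed_release_for(version)
        except ValueError:
            report[host] = "unknown"  # a parse failure is never treated as safe
            continue
        report[host] = f"upgrade to {fixed}" if fixed else "not in affected range"
    return report

if __name__ == "__main__":
    print("\n".join(f"{h}: {s}" for h, s in triage(SAMPLE_INVENTORY).items()))
```

A version match only shows that an instance falls in a listed range; as the advisory notes, exposure also depends on specific configurations.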

Additional Notes:

A public exploit for this vulnerability is not currently known.

This vulnerability affects specific configurations; refer to

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
