2024-11-26
A high-severity vulnerability (CVE-2024-9693) has been identified in GitLab CE/EE versions 16.0 to 17.3.6, 17.4 to 17.4.3, and 17.5 to 17.5.1. Under specific configurations, it could grant unauthorized access to the Kubernetes agent within a cluster.
Vulnerability Information
Platform: GitLab CE/EE
Version: 16.0 to 17.3.6, 17.4 to 17.4.3, 17.5 to 17.5.1 (Fixed in 17.3.7, 17.4.4, 17.5.2)
Vulnerability: Unauthorized access to Kubernetes agent (CVE-2024-9693)
Severity: High (CVSS score: 8.5)
Date: November 14, 2024 (Discovered), November 25, 2024 (NVD Last Modified)
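To check an inventory of GitLab instances against the version ranges listed above, the following sketch flags releases that fall inside an affected range and names the fixed release for that range. It is an added example, not code from GitLab or from the advisory; the host names and version strings in the sample are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges and fixed releases as listed in this advisory for CVE-2024-9693:
# (first affected, last affected, fixed release).
AFFECTED = [
    ((16, 0, 0), (17, 3, 6), (17, 3, 7)),
    ((17, 4, 0), (17, 4, 3), (17, 4, 4)),
    ((17, 5, 0), (17, 5, 1), (17, 5, 2)),
]

# Leading "major.minor[.patch]"; suffixes such as "-ee" are ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch); a missing patch counts as 0."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError("unrecognised version string: %r" % text)
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def check(text):
    """Return (in_affected_range, fixed_release or None)."""
    version = parse_version(text)
    for first, last, fixed in AFFECTED:
        if first <= version <= last:
            return True, ".".join(str(n) for n in fixed)
    return False, None

def triage(inventory):
    """Map each host to a finding. A range match only means the release is
    affected; the advisory says exposure also depends on configuration."""
    report = {}
    for host, raw in sorted(inventory.items()):
        try:
            affected, fixed = check(raw)
        except ValueError:
            # Never treat an unparsable version as safe.
            report[host] = "REVIEW: unrecognised version"
            continue
        report[host] = "AFFECTED: fixed in " + fixed if affected else "ok"
    return report

if __name__ == "__main__":
    # Constructed inventory (hypothetical hosts and version strings).
    sample = {"git-a": "17.4.2-ee", "git-b": "17.3.7", "git-c": "16.11.10", "git-d": "unknown"}
    for host, finding in triage(sample).items():
        print(host, finding)
```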
What Undercode Says:
This vulnerability is rated High and, under specific configurations, could allow attackers to gain unauthorized access to the Kubernetes agent within a cluster. Update to GitLab version 17.3.7, 17.4.4, or 17.5.2 immediately to mitigate this risk.
Additional Notes:
A public exploit for this vulnerability is not currently known.
This vulnerability affects specific configurations; refer to
References:
Reported By: Nvd.nist.gov