CVE-2024-9633

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-708
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.

Related Vulnerabilities

CVE-2022-33737

HIGH
CVSS:7.5(High)

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password

CWE-7082022

CVE-2023-20044

HIGH
CVSS:7.3(High)

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit t...

CWE-7082023

CVE-2023-20043

MEDIUM
CVSS:6.7(Medium)

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit t...

CWE-7082023

CVE-2023-29122

MEDIUM
CVSS:6.7(Medium)

Under certain conditions, access to service libraries is granted to account they should not have access to.

CWE-7082023

CVE-2024-41773

MEDIUM
CVSS:6.5(Medium)

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.

CWE-7082024

CVE-2024-45426

MEDIUM
CVSS:6.5(Medium)

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

CWE-7082024