CVE-2024-3303
First published: Thu Feb 13 2025(Updated: )
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab Enterprise Edition | >=16.0<17.6.5>=17.7<17.7.4>=17.8<17.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-3303?
CVE-2024-3303 has been classified with a medium severity due to its potential for private data exfiltration.
How do I fix CVE-2024-3303?
To remediate CVE-2024-3303, upgrade your GitLab EE to version 17.6.5 or later, or 17.7.4 or later, or 17.8.2 or later.
Which versions are affected by CVE-2024-3303?
CVE-2024-3303 affects all GitLab EE versions from 16.0 to just before 17.6.5, starting from 17.7 and below 17.7.4, and starting from 17.8 and below 17.8.2.
What type of vulnerability is CVE-2024-3303?
CVE-2024-3303 is a prompt injection vulnerability that allows attackers to exfiltrate contents of a private issue.
Who is affected by CVE-2024-3303?
All users of GitLab EE running vulnerable versions from 16.0 up to the specified thresholds are affected by CVE-2024-3303.
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/source
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/gitlab
- canonical/gitlab enterprise edition