What is the severity of CVE-2024-9387?

CVE-2024-9387 has been classified as a vulnerability that allows open redirects, which can lead to phishing attacks or unauthorized access.

How do I fix CVE-2024-9387?

To fix CVE-2024-9387, upgrade your GitLab installation to a version that is at least 17.4.6, 17.5.4, or 17.6.2, depending on your current version.

What versions are affected by CVE-2024-9387?

CVE-2024-9387 affects GitLab CE from version 11.8 up to but not including 17.4.6, and GitLab EE from 17.5 before 17.5.4 and 17.6 before 17.6.2.

What type of attacks can be carried out using CVE-2024-9387?

CVE-2024-9387 can allow attackers to perform open redirects which can be utilized for phishing or redirecting users to malicious sites.

Is CVE-2024-9387 present in the latest version of GitLab?

No, CVE-2024-9387 is not present in GitLab versions 17.4.6 and later, 17.5.4 and later, or 17.6.2 and later.

Vulnerability/
CVE-2024-9387

medium

6.4

CWE

601

EPSS

0.061%

12/12/2024

17/12/2024

CVE-2024-9387: URL Redirection to Untrusted Site ('Open Redirect') in GitLab

First published: Thu Dec 12 2024(Updated: )

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

Credit: cve@gitlab.com

Affected Software	Affected Version	How to fix
GitLab	>11.8
GitLab	<17.4.6
GitLab Enterprise Edition	>17.5
GitLab Enterprise Edition	<17.5.4
GitLab Enterprise Edition	>17.6
GitLab Enterprise Edition	<17.6.2

Remedy

Upgrade to versions 17.4.6, 17.5.4, 17.6.2 or above.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-9387?
CVE-2024-9387 has been classified as a vulnerability that allows open redirects, which can lead to phishing attacks or unauthorized access.
How do I fix CVE-2024-9387?
To fix CVE-2024-9387, upgrade your GitLab installation to a version that is at least 17.4.6, 17.5.4, or 17.6.2, depending on your current version.
What versions are affected by CVE-2024-9387?
CVE-2024-9387 affects GitLab CE from version 11.8 up to but not including 17.4.6, and GitLab EE from 17.5 before 17.5.4 and 17.6 before 17.6.2.
What type of attacks can be carried out using CVE-2024-9387?
CVE-2024-9387 can allow attackers to perform open redirects which can be utilized for phishing or redirecting users to malicious sites.
Is CVE-2024-9387 present in the latest version of GitLab?
No, CVE-2024-9387 is not present in GitLab versions 17.4.6 and later, 17.5.4 and later, or 17.6.2 and later.

agent/weakness
agent/remedy
agent/references
agent/title
agent/description
agent/first-publish-date
agent/type
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/epss
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gitlab
canonical/gitlab
canonical/gitlab enterprise edition

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.