CVE-2024-8640

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Sep 12, 2024
Updated: Sep 14, 2024
CWE ID 77

Summary

CVE-2024-8640 is a vulnerability affecting GitLab EE in all versions from 16.11 up to (but not including) 17.1.7, from 17.2 up to (but not including) 17.2.5, and from 17.3 up to (but not including) 17.3.2. It stems from inadequate input filtering that allows command injection into a connected Cube server. The issue carries a high base score of 8.5 under CVSS v3.1, with significant impact on confidentiality, integrity, and availability; it is exploitable over the network with low privileges and no user interaction. To remediate this issue, upgrade affected GitLab EE installations to 17.1.7 or later, 17.2.5 or later, or 17.3.2 or later, as applicable. Organizations running affected versions should prioritize this update to mitigate the risk of unauthorized command execution that could compromise system security and data integrity.
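A small version-range check, added here as an example rather than code from the advisory or from GitLab: it encodes the three affected ranges above, treating each range as ending at the fixed release named in the remediation, and reports whether a given GitLab EE version needs the upgrade. It assumes version strings of the form `X.Y.Z` or `X.Y.Z-ee`, as printed by GitLab itself; suffix handling beyond that is not attempted.

```python
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges stated in the advisory: (first affected, first fixed).
# The upper bound is the fixed release, which is itself not affected.
AFFECTED_RANGES = [
    ((16, 11, 0), (17, 1, 7)),
    ((17, 2, 0), (17, 2, 5)),
    ((17, 3, 0), (17, 3, 2)),
]


def parse_version(text: str) -> Version:
    """Parse 'X.Y[.Z]' with an optional '-ee' style suffix into a 3-tuple.

    A missing patch component is treated as 0 so that '17.2' means 17.2.0.
    """
    core = text.strip().split("-", 1)[0]  # drop suffixes such as '-ee'
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v < fixed for lo, fixed in AFFECTED_RANGES)


def recommended_upgrade(version: str) -> Optional[str]:
    """Return the first fixed release for the affected range, or None if unaffected."""
    v = parse_version(version)
    for lo, fixed in AFFECTED_RANGES:
        if lo <= v < fixed:
            return ".".join(str(n) for n in fixed)
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real deployment.
    for sample in ("17.1.6-ee", "17.1.7-ee", "17.0.3", "16.10.0", "17.4.0"):
        print(sample, "affected" if is_affected(sample) else "not affected",
              recommended_upgrade(sample))
```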
