vulnerability

Gitlab Gitlab: CVE-2024-9512: Time-of-check Time-of-use (TOCTOU) Race Condition

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:S/C:C/I:N/A:N)	Jun 12, 2025	Jun 13, 2025	Jul 3, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:N/A:N)

Published

Jun 12, 2025

Added

Jun 13, 2025

Modified

Jul 3, 2025

Description

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

Solution

gitlab-gitlab-upgrade-latest

References

CWE-367
CVE-2024-9512
https://attackerkb.com/topics/CVE-2024-9512
URL-https://gitlab.com/gitlab-org/gitlab/-/issues/497748
URL-https://hackerone.com/reports/2683469

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today