Cyber Posture

CVE-2024-8402

LowPublic PoC

Published: 13 March 2025

Published
13 March 2025
Modified
08 August 2025
KEV Added
Patch
CVSS Score 3.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS Score 0.0009 25.5th percentile
Risk Priority 7 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Security Summary

CVE-2024-8402 is an input validation issue in the Google Cloud IAM integration feature of GitLab Enterprise Edition (EE). It affects all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, and all versions starting from 17.9 before 17.9.2. Classified as CWE-77 (Command Injection), the vulnerability carries a CVSS v3.1 base score of 3.7 (AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N).

Exploitation requires a Maintainer with local access to perform a high-complexity attack involving user interaction. Successful exploitation enables the Maintainer to introduce malicious code through the flawed input validation in the Google Cloud IAM integration.

Advisories recommend upgrading to patched versions: 17.7.7 or later for the 17.2 series, 17.8.5 or later for the 17.8 series, and 17.9.2 or later for the 17.9 series. Further details on the issue and resolution are documented in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/482813 and the HackerOne disclosure report at https://hackerone.com/reports/2601569.

Details

CWE(s)
CWE-77

Affected Products

gitlab
gitlab
17.2.0 — 17.7.7 · 17.8.0 — 17.8.5 · 17.9.0 — 17.9.2

MITRE ATT&CK Enterprise Techniques

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
Why these techniques?

The command injection vulnerability (CWE-77) in the Google Cloud IAM integration directly enables arbitrary command execution on the GitLab server.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References