{"vulnerability": "CVE-2024-6385", "sightings": [{"uuid": "bc55d8b3-785b-4d31-b334-64cc372f4c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lfetfuyna22f", "content": "", "creation_timestamp": "2025-01-10T09:01:40.339874Z"}, {"uuid": "5d363153-aec0-478f-a46b-484952534a19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "https://bsky.app/profile/spritzfinance.bsky.social/post/3lfdev2bxgy26", "content": "", "creation_timestamp": "2025-01-09T19:09:03.337923Z"}, {"uuid": "5416b6f7-c10e-4172-9367-11419319becd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "https://t.me/HackingInsights/5811", "content": "\u200aGitLab Patches Critical Security Vulnerability (CVE-2024-6385), Urges Immediate Upgrade\n\nhttps://securityonline.info/gitlab-patches-critical-security-vulnerability-cve-2024-6385-urges-immediate-upgrade/", "creation_timestamp": "2024-07-12T13:28:09.000000Z"}, {"uuid": "b3b0d31f-a025-4831-ada3-54c482992a4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1328", "content": "", "creation_timestamp": "2024-07-11T04:00:00.000000Z"}, {"uuid": "947ca155-2cd7-4615-9d83-e6f49109d703", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "https://t.me/cvedetector/641", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-6385 - An issue was discovered in GitLab CE/EE affecting\", \n  \"Content\": \"CVE ID : CVE-2024-6385 \nPublished : July 11, 2024, 7:15 a.m. | 38\u00a0minutes ago \nDescription : An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. \nSeverity: 9.6 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T09:57:22.000000Z"}, {"uuid": "fbad95e6-65cd-416b-a70f-b3d08923bb8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "https://t.me/KomunitiSiber/2235", "content": "GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs\nhttps://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html\n\nGitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user.\nTracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0.\n\"An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to", "creation_timestamp": "2024-07-11T08:50:45.000000Z"}, {"uuid": "609153de-5be4-414f-ab01-3e0cd6da2a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "Telegram/IXERdzpVSWu5bnInNI0qNqftyB-hdr7QFOTXYQgmSeJcsw", "content": "", "creation_timestamp": "2024-07-11T08:12:49.000000Z"}, {"uuid": "dbd34526-9df7-46f6-bd4d-efdde2b1096d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "https://t.me/true_secator/5957", "content": "GitLab \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 GitLab Community \u0438 Enterprise, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b \u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0439 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438/\u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f (CI/CD).\n\nCVE-2024-6385\u00a0\u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVSS 9,6 \u0438\u0437 10 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 GitLab CE/EE \u043e\u0442 15.8 \u0434\u043e 16.11.6, \u043e\u0442 17.0 \u0434\u043e 17.0.4 \u0438 \u043e\u0442 17.1 \u0434\u043e 17.1.2.\n\n\u041f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 GitLab \u0435\u0449\u0435 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u043b, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0443, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043d\u043e\u0432\u044b\u0439 \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0432 \u043a\u043e\u043d\u0446\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043f\u043e\u0445\u043e\u0436\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 (CVE-2024-5655, \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9,6), \u043a\u043e\u0442\u043e\u0440\u0443\u044e  \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 GitLab Community \u0438 Enterprise 17.1.2, 17.0.4 \u0438 16.11.6 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0441\u0435 \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c GitLab.com \u0438 GitLab Dedicated \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e.\n\n\u0412 \u044d\u0442\u0438\u0445 \u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0437\u0430\u043a\u0440\u044b\u0442\u0430 \u0434\u0440\u0443\u0433\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVE-2024-5257, \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 4,9), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e-\u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 admin_compliance_framework \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c URL-\u0430\u0434\u0440\u0435\u0441 \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0430 \u0438\u043c\u0435\u043d \u0433\u0440\u0443\u043f\u043f\u044b.", "creation_timestamp": "2024-07-11T12:00:06.000000Z"}, {"uuid": "afc5b4d4-a9a5-4af6-959e-b76b5b3c24ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "https://t.me/xakep_ru/16097", "content": "GitLab \u043f\u0430\u0442\u0447\u0438\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 pipeline jobs\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 GitLab \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 GitLab Community \u0438 Enterprise, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c pipeline jobs \u043e\u0442 \u043b\u0438\u0446\u0430 \u043b\u044e\u0431\u043e\u0433\u043e \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\nhttps://xakep.ru/2024/07/12/gitlab-cve-2024-6385/", "creation_timestamp": "2024-07-12T19:34:55.000000Z"}, {"uuid": "2e82832f-533a-4b4c-be39-85ea23aa394d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6385", "type": "seen", "source": "https://t.me/thehackernews/5237", "content": "\u26a0\ufe0f GitLab has patched a critical vulnerability (CVE-2024-6385) with a CVSS score of 9.6, allowing attackers to run pipeline jobs as any user. \n \nAlso, Citrix updates for CVE-2024-6235, &amp; Broadcom addresses flaws in VMware Cloud Director (CVE-2024-22277) &amp; Aria Automation (CVE-2024-22280). \n \nLearn more: https://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html \n \nDon't wait \u2013 secure your development environment now.", "creation_timestamp": "2024-07-11T05:53:00.000000Z"}]}