CVE-2024-5528

An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/464558	Exploit Issue Tracking
https://hackerone.com/reports/2523654	Permissions Required
https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

06 Aug 2025, 18:51

Type	Values Removed	Values Added
CWE		CWE-697
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
Summary		(es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 16.11.6, a partir de la 17.0 anterior a la 17.0.4, y a partir de la 17.1 anterior a la 17.1.2, que permite una toma de control de subdominio en GitLab Pages.
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/464558 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/464558 - Exploit, Issue Tracking
References	~~() https://hackerone.com/reports/2523654 -~~	() https://hackerone.com/reports/2523654 - Permissions Required
References	~~() https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/ -~~	() https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/ - Release Notes
First Time		Gitlab gitlab Gitlab

05 Feb 2025, 20:15

Type	Values Removed	Values Added
References		() https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/ -

05 Feb 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-05 11:15

Updated : 2025-08-06 18:51

NVD link : CVE-2024-5528

Mitre link : CVE-2024-5528

CVE.ORG link : CVE-2024-5528

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-1023

Incomplete Comparison with Missing Factors

CWE-697

Incorrect Comparison

3.5 /10