CVE-2024-9387

Publication date 12 December 2024

Last updated 12 December 2024


Ubuntu priority

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

Read the notes from the security team

Status

Package Ubuntu Release Status
gitlab 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
16.04 LTS xenial Ignored

Notes


mdeslaur

GitLab isn't maintainable as a distro package, and was removed from Ubuntu because of this. We will not be fixing security issues in the gitlab package in Xenial.