CVE-2024-9163 Information

Description

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/493942 https://hackerone.com/reports/2705566