CVE-2024-9163

CVE-2024-9163 is a low vulnerability published on May 23, 2025. A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.

CVE-2024-9163 was first published in the National Vulnerability Database on May 23, 2025, with the most recent update on August 8, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

CVE-2024-9163 has a CVSS v3 base score of 3.5 (NVD).

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2024-9163, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.