Cyber Resilience

CVE-2024-3303

Severity: Medium · Public PoC

Published: 13 February 2025
Modified: 06 August 2025
KEV Added: (not listed)
Patch: (not recorded)
CVSS Score v3.1: 6.4 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N)
EPSS Score: 0.0019 (41.0th percentile)
Risk Priority: 13 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-3303 is a medium-severity vulnerability in GitLab; the weakness type is unspecified (no CWE has been assigned). Its CVSS base score is 6.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 41.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised under Enterprise AI Assistants, falls within the LLM/Generative AI Risks domain, and the MITRE ATLAS technique in scope is LLM Prompt Injection (AML.T0051).

EU & UK References

Vulnerability details

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.

CWE(s)

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025: LLM01:2025 Prompt Injection
Classification Reason: Matched keywords: prompt injection

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.003 Code Repositories (Collection)
Adversaries may leverage code repositories to collect valuable information.
Why these techniques?

CVE-2024-3303 enables exploitation of the public-facing GitLab application (T1190) via prompt injection to collect/exfiltrate data from private issues in code repositories (T1213.003).

MITRE ATLAS Techniques

AML.T0051: LLM Prompt Injection

Affected Assets

Vendor: gitlab
Product: gitlab
Affected versions: 16.0.0 up to (not including) 17.6.5 · 17.7.0 up to (not including) 17.7.4 · 17.8.0 up to (not including) 17.8.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References