An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/456922 |
History
Thu, 12 Dec 2024 22:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:enterprise:*:*:* |
Tue, 26 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 26 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results. | |
Title | Insufficient Session Expiration in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-613 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-11-26T18:30:45.846Z
Updated: 2024-11-26T18:42:38.028Z
Reserved: 2024-11-25T11:01:47.566Z
Link: CVE-2024-11668
Vulnrichment
Updated: 2024-11-26T18:42:34.909Z
NVD
Status : Analyzed
Published: 2024-11-26T19:15:22.027
Modified: 2024-12-12T21:42:07.607
Link: CVE-2024-11668
Redhat
No data.