An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/501528 |
History
Thu, 12 Dec 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:enterprise:*:*:* |
Tue, 26 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Tue, 26 Nov 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | |
Title | Incorrect Authorization in GitLab | |
First Time appeared | Gitlab; Gitlab gitlab | |
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products | Gitlab; Gitlab gitlab | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-11-26T18:41:09.488Z
Updated: 2024-11-30T04:55:54.926Z
Reserved: 2024-11-25T11:01:52.311Z
Link: CVE-2024-11669
Vulnrichment
Updated: 2024-11-26T20:02:39.884Z
NVD
Status: Analyzed
Published: 2024-11-26T19:15:22.367
Modified: 2024-12-12T21:11:00.737
Link: CVE-2024-11669
Redhat
No data.