An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
History

Thu, 12 Dec 2024 21:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:enterprise:*:*:*

Tue, 26 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 26 Nov 2024 19:00:00 +0000

Type Values Removed Values Added
Description An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
Title Incorrect Authorization in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-863
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-11-26T18:41:09.488Z

Updated: 2024-11-30T04:55:54.926Z

Reserved: 2024-11-25T11:01:52.311Z

Link: CVE-2024-11669

cve-icon Vulnrichment

Updated: 2024-11-26T20:02:39.884Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-26T19:15:22.367

Modified: 2024-12-12T21:11:00.737

Link: CVE-2024-11669

cve-icon Redhat

No data.