An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Dec 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:17.3.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:17.3.0:*:*:*:enterprise:*:*:* |
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gitlab
Gitlab gitlab |
|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
Thu, 22 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 Aug 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level. | |
Title | Improper Access Control in GitLab | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-08-22T15:31:07.481Z
Updated: 2024-08-29T15:04:57.250Z
Reserved: 2024-04-01T08:30:38.673Z
Link: CVE-2024-3127
Vulnrichment
Updated: 2024-08-22T16:35:25.732Z
NVD
Status : Analyzed
Published: 2024-08-22T16:15:08.590
Modified: 2024-12-13T16:11:44.433
Link: CVE-2024-3127
Redhat
No data.