An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.
History

Fri, 13 Dec 2024 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.3.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.3.0:*:*:*:enterprise:*:*:*

Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Gitlab
Gitlab gitlab
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab

Thu, 22 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 22 Aug 2024 15:45:00 +0000

Type Values Removed Values Added
Description An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.
Title Improper Access Control in GitLab
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-08-22T15:31:07.481Z

Updated: 2024-08-29T15:04:57.250Z

Reserved: 2024-04-01T08:30:38.673Z

Link: CVE-2024-3127

cve-icon Vulnrichment

Updated: 2024-08-22T16:35:25.732Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-22T16:15:08.590

Modified: 2024-12-13T16:11:44.433

Link: CVE-2024-3127

cve-icon Redhat

No data.