An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab.
History

Thu, 12 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:enterprise:*:*:*

Mon, 07 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 03 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287

Thu, 03 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
Title Improper Authentication in GitLab Authentication Bypass by Assumed-Immutable Data in GitLab
Weaknesses CWE-302

Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Gitlab
Gitlab gitlab
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab

cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-04-25T13:30:46.597Z

Updated: 2024-10-03T06:23:19.266Z

Reserved: 2024-04-22T05:30:44.526Z

Link: CVE-2024-4024

cve-icon Vulnrichment

Updated: 2024-08-01T20:26:57.255Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-25T14:15:09.903

Modified: 2024-12-12T16:52:12.103

Link: CVE-2024-4024

cve-icon Redhat

No data.