An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.
History

Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Fri, 23 Aug 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-287
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Vendors & Products Gitlab
Gitlab gitlab

Thu, 08 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 10:15:00 +0000

Type Values Removed Values Added
Description An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.
Title Authentication Bypass by Primary Weakness in GitLab
Weaknesses CWE-305
References
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-08-08T10:02:19.809Z

Updated: 2024-08-29T15:04:58.457Z

Reserved: 2024-05-10T19:01:57.438Z

Link: CVE-2024-4784

cve-icon Vulnrichment

Updated: 2024-08-08T14:12:27.840Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-08T10:15:09.390

Modified: 2024-08-23T16:59:30.430

Link: CVE-2024-4784

cve-icon Redhat

No data.