An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/443254 |
History
Fri, 13 Dec 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:enterprise:*:*:* |
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gitlab
Gitlab gitlab |
|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-05-23T11:02:06.904Z
Updated: 2024-08-29T15:04:59.201Z
Reserved: 2024-05-23T06:30:45.483Z
Link: CVE-2024-5258
Vulnrichment
Updated: 2024-08-01T21:03:11.132Z
NVD
Status : Analyzed
Published: 2024-05-23T11:15:24.640
Modified: 2024-12-13T17:09:56.883
Link: CVE-2024-5258
Redhat
No data.