An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.
History
Tue, 24 Sep 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
Tue, 17 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Mon, 16 Sep 2024 22:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members. | |
Title | Authorization Bypass Through User-Controlled Key in GitLab | |
First Time appeared | Gitlab, Gitlab gitlab | |
Weaknesses | CWE-639 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products | Gitlab, Gitlab gitlab | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-09-16T21:33:58.732Z
Updated: 2024-09-17T15:25:59.042Z
Reserved: 2024-07-11T13:30:50.866Z
Link: CVE-2024-6685
Vulnrichment
Updated: 2024-09-17T15:25:55.469Z
NVD
Status: Analyzed
Published: 2024-09-16T22:15:20.917
Modified: 2024-09-24T16:48:24.497
Link: CVE-2024-6685
Redhat
No data.