An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 11 Oct 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | |
Title | Incorrect Authorization in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-10-11T12:30:37.109Z
Updated: 2024-10-11T13:37:54.711Z
Reserved: 2024-09-18T07:02:25.884Z
Link: CVE-2024-8970
Vulnrichment
Updated: 2024-10-11T13:37:51.654Z
NVD
Status : Analyzed
Published: 2024-10-11T13:15:17.270
Modified: 2024-12-13T01:20:14.813
Link: CVE-2024-8970
Redhat
No data.