An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.
Metrics
Affected Vendors & Products
References
History
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gitlab
Gitlab gitlab |
|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
Thu, 22 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 Aug 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level. | |
Title | Improper Access Control in GitLab | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-08-22T15:31:07.481Z
Updated: 2024-08-29T15:04:57.250Z
Reserved: 2024-04-01T08:30:38.673Z
Link: CVE-2024-3127
Vulnrichment
Updated: 2024-08-22T16:35:25.732Z
NVD
Status : Awaiting Analysis
Published: 2024-08-22T16:15:08.590
Modified: 2024-08-23T16:18:28.547
Link: CVE-2024-3127
Redhat
No data.