An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/443254 |
History
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gitlab
Gitlab gitlab |
|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-05-23T11:02:06.904Z
Updated: 2024-08-29T15:04:59.201Z
Reserved: 2024-05-23T06:30:45.483Z
Link: CVE-2024-5258
Vulnrichment
Updated: 2024-08-01T21:03:11.132Z
NVD
Status : Awaiting Analysis
Published: 2024-05-23T11:15:24.640
Modified: 2024-05-24T01:15:30.977
Link: CVE-2024-5258
Redhat
No data.