CVE-2024-6356

🗓️ 05 Feb 2025 10:02:22Reported by GitLabType

GitLab EE vulnerability permits cross project access for Security policy bot in multiple versions.

Reporter	Title	Published	Views	Family All 13
FreeBSD	Gitlab -- Vulnerabilities	7 Aug 202400:00	–	freebsd
Circl	CVE-2024-6356	20 Aug 202404:31	–	circl
Cvelist	CVE-2024-6356 Incorrect User Management in GitLab	5 Feb 202510:02	–	cvelist
Debian CVE	CVE-2024-6356	5 Feb 202510:02	–	debiancve
EUVD	EUVD-2024-48021	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- Vulnerabilities (729008b9-54bf-11ef-a61b-2cf05da270f3)	7 Aug 202400:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition	12 Aug 202408:24	–	ncsc
NVD	CVE-2024-6356	5 Feb 202510:15	–	nvd
OSV	BIT-GITLAB-2024-6356 Incorrect User Management in GitLab	7 Feb 202507:16	–	osv
OSV	CVE-2024-6356 Incorrect User Management in GitLab	5 Feb 202510:02	–	osv

NVD

Vulners

Node

gitlab gitlabRange16.0.0–17.0.6enterprise

gitlab gitlabRange17.1.0–17.1.4enterprise

gitlab gitlabRange17.2.0–17.2.2enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "16.0",
        "status": "affected",
        "lessThan": "17.0.6",
        "versionType": "semver"
      },
      {
        "version": "17.1",
        "status": "affected",
        "lessThan": "17.1.4",
        "versionType": "semver"
      },
      {
        "version": "17.2",
        "status": "affected",
        "lessThan": "17.2.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2575051
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/469108

06 Aug 2025 18:51Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.14.4

EPSS0.00038

SSVC

CWE-286