GitLabCVELIST:CVE-2024-5655CVE-2024-5655 Improper Access Control in GitLab
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
30.1%
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.
CNA Affected
[
{
"vendor": "GitLab",
"product": "GitLab",
"repo": "git://[email protected]:gitlab-org/gitlab.git",
"versions": [
{
"version": "15.8",
"status": "affected",
"lessThan": "16.11.5",
"versionType": "semver"
},
{
"version": "17.0",
"status": "affected",
"lessThan": "17.0.3",
"versionType": "semver"
},
{
"version": "17.1",
"status": "affected",
"lessThan": "17.1.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
30.1%