Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-5258

HistoryMay 23, 2024 - 11:15 a.m.

CVE-2024-5258

2024-05-2311:15:24

Debian Security Bug Tracker

security-tracker.debian.org

gitlab

authorization

vulnerability

pipeline

unix

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.

OSVersionArchitecturePackageVersionFilename
Debian999allgitlab<= 16.8.4-1gitlab_16.8.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	gitlab	<= 16.8.4-1	gitlab_16.8.4-1_all.deb