Lucene search

[email protected]NVD:CVE-2024-5258

HistoryMay 23, 2024 - 11:15 a.m.

CVE-2024-5258

2024-05-2311:15:24

CWE-639

[email protected]

web.nvd.nist.gov

gitlab

authorization

vulnerability

cve-2024-5258

authenticated attacker

naming convention

pipeline logic

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.

References

gitlab.com/gitlab-org/gitlab/-/issues/443254