Lucene search

K
osvGoogleOSV:CVE-2024-5258
HistoryMay 23, 2024 - 11:15 a.m.

CVE-2024-5258

2024-05-2311:15:24
Google
osv.dev
144
gitlab
authorization
vulnerability
bypass
pipeline

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.

CPENameOperatorVersion
gitlabeq17.0.0-ee
gitlabeq17.0.1-rc42-ee

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%