7 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-13041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7...
CVE-2024-13041
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...
CVE-2024-13041
Removed by vendor...
CVE-2024-13041 Incorrect User Management in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...
CVE-2024-13041 Incorrect User Management in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...
CVE-2024-13041
Summary: CVE-2024-13041 affects GitLab CE/EE versions with SAML user creation where the external groups setting overrides the external provider configuration, potentially allowing internal project/group access to non-external users. Affected versions (per sources): GitLab 16.4 up to 17.5.5 (pre-1...
CVE-2024-13041
creationtimestamp| type| source ---|---|--- 2025-01-08 16:11:36+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113793610252558322 2025-01-09 06:36:02+00:00| seen| https://infosec.exchange/users/cve/statuses/113797009211537411 2025-01-09 07:15:55+00:00| seen|...