Lucene search

Ubuntu.comUB:CVE-2024-5655

HistoryJun 27, 2024 - 12:00 a.m.

CVE-2024-5655

2024-06-2700:00:00

ubuntu.com

gitlab ce/ee

security vulnerability

pipeline trigger

user impersonation

unix

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.1%

JSON

An issue was discovered in GitLab CE/EE affecting all versions starting
from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and
starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a
pipeline as another user under certain circumstances.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

gitlab.com/gitlab-org/gitlab/-/issues/465862

hackerone.com/reports/2536320

launchpad.net/bugs/cve/CVE-2024-5655

nvd.nist.gov/vuln/detail/CVE-2024-5655

security-tracker.debian.org/tracker/CVE-2024-5655

www.cve.org/CVERecord?id=CVE-2024-5655

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.1%

JSON

Related for UB:CVE-2024-5655