GitLabVULNRICHMENT:CVE-2024-5430CVE-2024-5430 Improper Access Control in GitLab
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
6.4 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
16.2%
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL.
CNA Affected
[
{
"repo": "git://[email protected]:gitlab-org/gitlab.git",
"vendor": "GitLab",
"product": "GitLab",
"versions": [
{
"status": "affected",
"version": "16.10",
"lessThan": "16.11.5",
"versionType": "semver"
},
{
"status": "affected",
"version": "17.0",
"lessThan": "17.0.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "17.1",
"lessThan": "17.1.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
6.4 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
16.2%