CVE-2024-5470 - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 an

CVE-2024-5470

Summary

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.

References

Vulnerable Configurations

cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.1:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.1:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.1:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.1:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.2:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.2:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.3:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.3:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.0.3:*:*:*:enterprise:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

12-07-2024 - 16:52

Published

11-07-2024 - 07:15

Last modified

12-07-2024 - 16:52