ID CVE-2024-6323
Summary Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.
References
Vulnerable Configurations
  • cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:17.0.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:gitlab:gitlab:17.0.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:17.0.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:gitlab:gitlab:17.0.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:16.11.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:gitlab:gitlab:16.11.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:16.11.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:gitlab:gitlab:16.11.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:16.11.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:gitlab:gitlab:16.11.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:16.11.4:*:*:*:enterprise:*:*:*
    cpe:2.3:a:gitlab:gitlab:16.11.4:*:*:*:enterprise:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 21-11-2024 - 09:49
Published 27-06-2024 - 00:15
Last modified 21-11-2024 - 09:49
Back to Top