Description


An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, and all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL, allowing unauthorised users to perform some actions at the group level.

Related CPEs


a

gitlab

gitlab

6

Weaknesses



CWE-284


CWE-863

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.3 · Medium

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-08-22T14:15:08.590Z


Last modified

2024-12-13T15:11:44.433Z
