Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/457912 | Broken Link |
https://gitlab.com/gitlab-org/gitlab/-/issues/457912 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/457912 - Broken Link |
30 Aug 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
28 Jun 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/457912 - Broken Link | |
First Time |
Gitlab gitlab
Gitlab |
|
CWE | CWE-863 | |
CPE | cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
27 Jun 2024, 12:47
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
27 Jun 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-27 00:15
Updated : 2024-11-21 09:49
NVD link : CVE-2024-6323
Mitre link : CVE-2024-6323
CVE.ORG link : CVE-2024-6323
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-863
Incorrect Authorization