CVE-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 09:49

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/gitlab/-/issues/457912 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/457912 - Broken Link

30 Aug 2024, 14:15

Type Values Removed Values Added
CWE CWE-653

28 Jun 2024, 13:15

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/gitlab/-/issues/457912 - () https://gitlab.com/gitlab-org/gitlab/-/issues/457912 - Broken Link
First Time Gitlab gitlab
Gitlab
CWE CWE-863
CPE cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

27 Jun 2024, 12:47

Type Values Removed Values Added
Summary
  • (es) La autorización inadecuada en la búsqueda global en GitLab EE que afecta a todas las versiones desde 16.11 anteriores a 16.11.5 y 17.0 anteriores a 17.0.3 y 17.1 anteriores a 17.1.1 permite que un atacante filtre el contenido de un repositorio privado en un proyecto público.

27 Jun 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-27 00:15

Updated : 2024-11-21 09:49


NVD link : CVE-2024-6323

Mitre link : CVE-2024-6323

CVE.ORG link : CVE-2024-6323


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-863

Incorrect Authorization