CVE-2024-6685

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

24 Sep 2024, 16:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.1
v2 : unknown
v3 : 4.3
First Time Gitlab
Gitlab gitlab
References () https://gitlab.com/gitlab-org/gitlab/-/issues/472012 - () https://gitlab.com/gitlab-org/gitlab/-/issues/472012 - Broken Link
References () https://hackerone.com/reports/2584372 - () https://hackerone.com/reports/2584372 - Permissions Required
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
CWE NVD-CWE-noinfo

20 Sep 2024, 12:31

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en GitLab CE/EE que afectaba a todas las versiones desde la 16.7 anterior a la 17.1.7, la 17.2 anterior a la 17.2.5 y la 17.3 anterior a la 17.3.2, donde la información de los ejecutores del grupo se divulgaba a miembros del grupo no autorizados.

16 Sep 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-16 22:15

Updated : 2024-09-24 16:48


NVD link : CVE-2024-6685

Mitre link : CVE-2024-6685

CVE.ORG link : CVE-2024-6685


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-noinfo CWE-639

Authorization Bypass Through User-Controlled Key