Description
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
INFO
Published Date :
2024-05-23T11:02:06.904Z
Last Modified :
2024-08-29T15:04:59.201Z
Source :
GitLab
AFFECTED PRODUCTS
The following products are affected by CVE-2024-5258 vulnerability.
| Vendors | Products |
|---|---|
| Gitlab |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-5258.
| URL | Resource |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/443254 |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact