CVE-2024-12431

Published: Jan 8, 2025Modified: Aug 5, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: cve@gitlab.com (Secondary)

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 15.5.0 to 17.5.5
Gitlab Gitlab	From 17.6.0 to 17.6.3
Gitlab Gitlab	From 17.7.0 to 17.7.1
Gitlab Gitlab	From 15.5.0 to 17.5.5
Gitlab Gitlab	From 17.6.0 to 17.6.3
Gitlab Gitlab	From 17.7.0 to 17.7.1

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (3)

https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#unauthorized-user-can-manipulate-status-of-issues-in-public-projects

Source: cve@gitlab.com

Release NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/508742

Source: cve@gitlab.com

ExploitIssue Tracking

https://hackerone.com/reports/2877710

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.