CVE-2024-4784

Published: Aug 8, 2024Modified: Aug 23, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

Affected (3)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 16.7.0 to 17.0.6
Gitlab Gitlab	From 17.1.0 to 17.1.4
Gitlab Gitlab	From 17.2.0 to 17.2.2

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-305

Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/461248

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/2486223

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.