A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/452297 | Broken Link |
https://hackerone.com/reports/2424715 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
29 Aug 2024, 15:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/452297 - Broken Link | |
References | () https://hackerone.com/reports/2424715 - Permissions Required | |
First Time |
Gitlab
Gitlab gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
08 Aug 2024, 13:04
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Aug 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-08 11:15
Updated : 2024-08-29 15:55
NVD link : CVE-2024-3035
Mitre link : CVE-2024-3035
CVE.ORG link : CVE-2024-3035
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-639
Authorization Bypass Through User-Controlled Key