VYPR
Unrated severityNVD Advisory· Published Nov 26, 2024· Updated Nov 30, 2024

Incorrect Authorization in GitLab

CVE-2024-11669

Description

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.

Affected products

12

Patches

Vulnerability mechanics

References

1

News mentions

1