Unrated severityNVD Advisory· Published Jan 8, 2025· Updated Feb 12, 2025
Missing Authorization in GitLab
CVE-2024-12431
Description
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 15.5
- (no CPE)range: >=15.5, <17.5.5 || >=17.6, <17.6.3 || >=17.7, <17.7.1
- osv-coords11 versionspkg:apk/chainguard/gitlab-base-fips-17.6pkg:apk/chainguard/gitlab-cng-fips-17.6pkg:apk/chainguard/gitlab-container-registry-fips-17.6pkg:apk/chainguard/gitlab-docker-machine-fips-17.7pkg:apk/chainguard/gitlab-elasticsearch-indexer-fips-17.6pkg:apk/chainguard/gitlab-logger-fips-17.6pkg:apk/chainguard/gitlab-runner-fips-17.7pkg:apk/chainguard/gitlab-runner-helper-fips-17.7pkg:apk/chainguard/gitlab-shell-fips-17.6pkg:apk/chainguard/gitlab-toolbox-fips-17.6pkg:bitnami/gitlab
< 17.6.5-r0+ 10 more
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.7.1-r1
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.7.1-r1
- (no CPE)range: < 17.7.1-r1
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: >= 15.5.0, < 17.5.5
Patches
Vulnerability mechanics
References
3- hackerone.com/reports/2877710mitretechnical-descriptionexploitpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/508742mitreissue-trackingpermissions-required
- about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/mitre
News mentions
1- GitLab Patch Release: 17.7.1, 17.6.3, 17.5.5GitLab Security Releases · Jan 8, 2025