Severity: Unrated. NVD Advisory. Published May 23, 2024. Updated Aug 29, 2024.
Authorization Bypass Through User-Controlled Key in GitLab
CVE-2024-5258
Description
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 16.10)
- (no CPE) range: >=16.10, <16.10.6 || >=16.11, <16.11.3 || >=17.0, <17.0.1
References
1. gitlab.com/gitlab-org/gitlab/-/issues/443254 (source: MITRE; tags: issue-tracking, permissions-required)
News mentions
1. GitLab Patch Release: 17.0.1, 16.11.3, 16.10.6 (GitLab Security Releases, May 22, 2024)