CVE-2024-4784

EPSS 0.02%
Veröffentlicht 08.08.2024 10:15:09
Zuletzt bearbeitet 23.08.2024 16:59:30
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

Authentication Bypass by Primary Weakness in GitLab

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ GitLab SwEditionenterprise Version >= 16.7.0 < 17.0.6

Gitlab ≫ GitLab SwEditionenterprise Version >= 17.1.0 < 17.1.4

Gitlab ≫ GitLab SwEditionenterprise Version >= 17.2.0 < 17.2.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
cve@gitlab.com	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

https://gitlab.com/gitlab-org/gitlab/-/issues/461248

Broken Link

https://hackerone.com/reports/2486223

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-4784

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-4784

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-4784

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-4784