CVE-2024-2880
CVSS 3.1 Score 2.7 of 10 (low)
Details
Published Jul 11, 2024
Updated: Jul 12, 2024
CWE ID 284
Summary
CVE-2024-2880 is a vulnerability affecting GitLab CE/EE versions from 16.5 to 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. It allows a user holding the `admin_group_member` custom role permission to ban group members, bypassing the intended access control. This could lead to unintended consequences, including disruption of collaboration and unauthorized removal of team members. Users are encouraged to update their GitLab instances to the latest patched version to mitigate this risk.
Affected Products
- GitLab
Affected Vendors
- GitLab Inc.