CVE-2024-3127
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-3127 is a vulnerability in GitLab EE affecting versions from 12.5 before 17.1.6, 17.2 before 17.2.4, and 17.3 before 17.3.1. It may allow users who should be blocked by a group's IP address restrictions to bypass those restrictions through the GraphQL API and perform certain group-level actions without proper authorization. The issue carries a medium severity rating and an exploitability score of 2.8: it is reachable over the network, requires only low privileges, and needs no user interaction. To remediate, organizations should upgrade GitLab EE to the fixed release for their release line (17.1.6 or later, 17.2.4 or later, or 17.3.1 or later) as soon as possible, to mitigate the risk of unauthorized access and control within their environments.
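A small triage helper, added here as an example and not part of the original advisory or GitLab's own tooling, that maps a running GitLab EE version onto the three affected ranges stated above and reports the minimum fixed release on the same line. The range table is taken from the advisory text; the function and constant names are my own. The advisory names GitLab EE only, so the check treats other editions as not affected.

```python
"""Affected-version check for CVE-2024-3127 (GitLab EE).

Added example; the ranges below are copied from the advisory text and
the helper names are assumptions of this example, not GitLab API names.
"""
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory, each as [introduced, fixed) on one release line.
AFFECTED_RANGES: Tuple[Tuple[Version, Version], ...] = (
    ((12, 5, 0), (17, 1, 6)),   # 12.5 up to, but not including, 17.1.6
    ((17, 2, 0), (17, 2, 4)),   # 17.2 up to, but not including, 17.2.4
    ((17, 3, 0), (17, 3, 1)),   # 17.3 up to, but not including, 17.3.1
)


def parse_version(version: str) -> Version:
    """Parse 'X.Y.Z' or 'X.Y' into a comparable 3-tuple.

    GitLab reports versions like '17.2.3-ee'; the edition suffix is dropped
    before parsing. Anything that is not 2 or 3 numeric components is rejected
    rather than silently treated as safe.
    """
    core = version.strip().split("-", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(version: str, edition: str = "EE") -> bool:
    """True when this GitLab version falls inside an affected range.

    The advisory covers GitLab EE only, so other editions return False.
    """
    if edition.upper() != "EE":
        return False
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version: str) -> Optional[str]:
    """Minimum fixed release on the same line, or None if not affected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


if __name__ == "__main__":
    # Constructed sample inventory of instance name -> reported version string.
    inventory = {
        "gitlab-prod": "17.1.5-ee",
        "gitlab-staging": "17.2.4-ee",
        "gitlab-legacy": "16.11.2-ee",
    }
    for name, ver in inventory.items():
        fix = fixed_version_for(ver)
        status = f"AFFECTED, upgrade to {fix}" if fix else "not affected"
        print(f"{name:16} {ver:12} {status}")
```

The version string can be read from GitLab's authenticated `GET /api/v4/version` endpoint; feed its `version` field to `is_affected` and act on the returned fixed release. Note that the check reports only whether the version lies inside the advisory's stated ranges; it does not confirm whether any group on the instance actually uses IP restrictions.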