CVE-2024-5258

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published May 23, 2024

Updated: May 24, 2024

CWE ID 639

Summary

CVE-2024-5258 is an authorization vulnerability affecting GitLab versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. An attacker with valid credentials can exploit a crafted naming convention to circumvent pipeline authorization checks, granting unauthorized access to resources. This issue could potentially lead to data leakage or unintended pipeline executions. GitLab strongly urges users to update their instances to the latest versions to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wEoPv3
https://www.cve.org/CVERecord?id=CVE-2024-5258
https://nvd.nist.gov/vuln/detail/CVE-2024-5258

Back to Vulnerability Database

CVE-2024-5258

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations