Products
GitLab CE/EE
- 16.5 - 16.11.6
- 17.0 - 17.0.4
- 17.1 - 17.1.2
Source
cve@gitlab.com
Tags
CVE-2024-2880 details
Published : July 11, 2024, 7:15 a.m.
Last Modified : July 11, 2024, 1:05 p.m.
Last Modified : July 11, 2024, 1:05 p.m.
Description
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members.
CVSS Score
| 1 | 2.7 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-284 | Improper Access Control | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
2.7
Exploitability Score
1.2
Impact Score
1.4
Base Severity
LOW
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
References
| URL | Source |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/451921 | cve@gitlab.com |
| https://hackerone.com/reports/2431597 | cve@gitlab.com |
This website uses the NVD API, but is not approved or certified by it.