CVE-2024-6323
June 27, 2024, 12:47 p.m.
Tags
CVSS Score
Product(s) Impacted
GitLab EE
- 16.11 - 16.11.5
- 17.0 - 17.0.3
- 17.1 - 17.1.1
Description
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.
Weaknesses
CWE-653
Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
CWE ID: 653Date
Published: June 27, 2024, 12:15 a.m.
Last Modified: June 27, 2024, 12:47 p.m.
Status : Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@gitlab.com
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N