Products
GitLab CE/EE
- 8.2 - 17.1.6
- 17.2 - 17.2.4
- 17.3 - 17.3.1
Source
cve@gitlab.com
Tags
CVE-2024-6502 details
Published : Aug. 22, 2024, 4:15 p.m.
Last Modified : Aug. 22, 2024, 4:15 p.m.
Last Modified : Aug. 22, 2024, 4:15 p.m.
Description
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.
CVSS Score
1 | 2 | 3 | 4 | 5.7 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-684 | Incorrect Provision of Specified Functionality | The code does not function according to its published specifications, potentially leading to incorrect usage. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
5.7
Exploitability Score
2.1
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
References
URL | Source |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/470647 | cve@gitlab.com |
https://hackerone.com/reports/2574561 | cve@gitlab.com |
This website uses the NVD API, but is not approved or certified by it.