CVE-2024-3959

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-3959

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3959.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-3959

Aliases

BIT-gitlab-2024-3959

Downstream

UBUNTU-CVE-2024-3959

Published

2024-06-26T23:31:25.425Z

Modified

2025-11-15T23:38:46.288288Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Improper Authorization in GitLab

Details

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any user.

Database specific

{
    "cwe_ids": [
        "CWE-285"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

9e7d34f7ff11405ece06ec398b66965d153cee6f

Fixed

1c964efc9c74e98a604c02dfaed5f4097518ac00

Database specific

{
    "versions": [
        {
            "introduced": "16.7"
        },
        {
            "fixed": "16.11.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

8c75d0bf4a4190d94326f1a854d0a102ceca4392

Fixed

bb522e4e0a729ff96a77a38b40c7e638654d7b95

Database specific

{
    "versions": [
        {
            "introduced": "17.0"
        },
        {
            "fixed": "17.0.3"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

b7514f9c21c09a9ed2b258f5cfdd56c88f43864a

Fixed

d0ac56e0be2576f3101025fb4a977a5e2a88d3ab

Database specific

{
    "versions": [
        {
            "introduced": "17.1"
        },
        {
            "fixed": "17.1.1"
        }
    ]
}

Affected versions

v17.*

v17.0.0-ee

v17.0.1-ee

v17.0.1-rc42-ee

v17.0.2-ee

v17.1.0-ee