CVE-2024-4006

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-4006

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-4006.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-4006

Aliases

BIT-gitlab-2024-4006

Related

UBUNTU-CVE-2024-4006

Published

2024-04-25T14:15:09Z

Modified

2024-12-12T17:10:26Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions

References

https://gitlab.com/gitlab-org/gitlab/-/issues/455805

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

9e7d34f7ff11405ece06ec398b66965d153cee6f

Fixed

37be6ae4d071c237cf140e2b206ad4062adefcd1