CVE-2024-6323

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6323

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6323.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-6323

Aliases

BIT-gitlab-2024-6323

Published

2024-06-27T00:15:13Z

Modified

2024-10-12T12:03:24.501522Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/457912

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

8c75d0bf4a4190d94326f1a854d0a102ceca4392

Fixed

bb522e4e0a729ff96a77a38b40c7e638654d7b95

Affected versions

v17.*

v17.0.0-ee

v17.0.1-ee

v17.0.1-rc42-ee

v17.0.2-ee