← back
CVE-2024-11669

Incorrect Authorization in GitLab

CVSS 6.5 MEDIUMEPSS 0.5%CWE-863
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
GitLab · GitLab

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/gitlab-org/gitlab/-/issues/501528