← back
CVE-2024-5655

Improper Access Control in GitLab

CVSS 9.6 CRITICALEPSS 7.5%CWE-284
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected products
GitLab · GitLab
public PoCs found1
cve_referencehackerone.com/reports/2536320unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/gitlab-org/gitlab/-/issues/465862https://hackerone.com/reports/2536320