Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-3035

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.

Published

2024-08-08T11:15:12.503

Last Modified

2024-08-29T15:55:30.247

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-639
Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	< 17.0.6	Yes
Application	gitlab	gitlab	< 17.0.6	Yes
Application	gitlab	gitlab	< 17.1.4	Yes
Application	gitlab	gitlab	< 17.1.4	Yes
Application	gitlab	gitlab	< 17.2.2	Yes
Application	gitlab	gitlab	< 17.2.2	Yes

References

https://gitlab.com/gitlab-org/gitlab/-/issues/452297 Broken Link ([email protected])
https://hackerone.com/reports/2424715 Permissions Required ([email protected])