Access Control Bypass in GitLab CE/EE Affects Multiple Versions
CVE-2024-10219

6.5MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 13 August 2025

What is CVE-2024-10219?

A vulnerability in GitLab CE/EE allows authenticated users to bypass established access controls under specific conditions. This flaw enables users to access private artifacts through particular API endpoints, potentially leading to unauthorized data exposure. The issue affects versions prior to the specified updates, highlighting the need for timely patching to secure access and protect sensitive information.

Affected Version(s)

GitLab 15.6 < 18.0.6

GitLab 18.1 < 18.1.4

GitLab 18.2 < 18.2.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/500134

issue-trackingpermissions-required

https://hackerone.com/reports/2780353

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Oct 21, 2024

Credit

Thanks [albatraoz](https://hackerone.com/albatraoz) for reporting this vulnerability through our HackerOne bug bounty program