Unauthorized Issue Status Manipulation in GitLab CE/EE Products
CVE-2024-12431

Currently unrated

Key Information:

Vendor: GitLab
CVE Published: 8 January 2025

Summary

A vulnerability exists in GitLab CE/EE that enables unauthorized users to alter the status of issues in public projects. It affects all versions from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1. Exploitation could cause confusion and mismanagement in project workflows, because users who are not authenticated to the system could manipulate issue tracking features in ways the project owners did not intend.

Timeline

  • Vulnerability published
