GitLab EE Vulnerability: Bypassing IP Restriction for Unauthorized Access
CVE-2024-3127
4.3MEDIUM
Summary
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.
Affected Version(s)
GitLab < 17.1.6
GitLab < 17.2.4
GitLab < 17.3.1
Refferences
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD DatabaseMitre Database
Credit
Thanks [0x777](https://hackerone.com/0x777) for reporting this vulnerability through our HackerOne bug bounty program