GitLab EE Vulnerability: Bypassing IP Restriction for Unauthorized Access

CVE-2024-3127

4.3MEDIUM

Key Information

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 22 August 2024

Summary

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.

Affected Version(s)

GitLab < 17.1.6

GitLab < 17.2.4

GitLab < 17.3.1

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 4.3 - (MEDIUM)
Aug 29, 2024
Vulnerability published.
Aug 22, 2024

Collectors

NVD DatabaseMitre Database

Credit

Thanks [0x777](https://hackerone.com/0x777) for reporting this vulnerability through our HackerOne bug bounty program