Bypassing Password Re-entry Requirement in GitLab EE

CVE-2024-4784

5.4MEDIUM

Key Information

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 8 August 2024

Summary

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

Affected Version(s)

GitLab < 17.0.6

GitLab < 17.1.4

GitLab < 17.2.2

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 5.4 to: 4.2 - (MEDIUM)
Aug 29, 2024
Vulnerability published.
Aug 8, 2024
Vulnerability Reserved.
May 10, 2024

Collectors

NVD DatabaseMitre Database

Credit

Thanks [vexin](https://hackerone.com/vexin) for reporting this vulnerability through our HackerOne bug bounty program