Attacker Can Leak Private Repository Content in Public Project via Improper Authorization
CVE-2024-6323

7.5HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 27 June 2024

What is CVE-2024-6323?

An improper authorization flaw has been identified in GitLab Enterprise Edition, affecting select versions. This vulnerability allows an attacker to exploit the global search feature, potentially exposing content from private repositories in public projects. The vulnerability impacts all versions from 16.11 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1, which could lead to significant data exposure if left unaddressed. Security measures and updates are strongly recommended to mitigate any associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GitLab 16.11.0 < 16.11.5

GitLab 17.0.0 < 17.0.3

GitLab 17.1.0 < 17.1.1

References

https://gitlab.com/gitlab-org/gitlab/-/issues/457912

issue-trackingpermissions-required

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2024

Credit

This vulnerability has been discovered internally by @joernchen.

JSON

Gitlab

What is CVE-2024-6323?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.