CVE-2024-10219

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints.

Database specific

{
    "cwe_ids": [
        "CWE-863"
    ],
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10219.json"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

07a0843ad18ecb422cdc61bf3c2ef0a9dc58a209

Fixed

85327bfea0841b1eda70dc49b76918681510f967

Database specific

{
    "versions": [
        {
            "introduced": "15.6"
        },
        {
            "fixed": "18.0.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

e0f3b86408aa4e7f03b63ac9e7dba6de1df14e93

Fixed

693bb5e6ca55d16970747e6a3157ab801608b758

Database specific

{
    "versions": [
        {
            "introduced": "18.1"
        },
        {
            "fixed": "18.1.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

64403a0daee4413eb45b939590f37c351b8e72bf

Fixed

bef324d0853760755341c3ea7ca9469e4d962377

Database specific

{
    "versions": [
        {
            "introduced": "18.2"
        },
        {
            "fixed": "18.2.2"
        }
    ]
}

Affected versions

v18.*

v18.1.0-ee

v18.1.1-ee

v18.1.2-ee

v18.1.3-ee

v18.2.0-ee

v18.2.1-ee