CVE-2024-3127

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-3127

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3127.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-3127

Aliases

BIT-gitlab-2024-3127

Related

UBUNTU-CVE-2024-3127

Published

2024-08-22T16:15:08Z

Modified

2024-11-02T02:26:27Z

Summary

[none]

Details

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

4878f9ac8941c5ad124c9f2216897109c5dde4af

Fixed

668f9811406b9870ad522cb835a2ced5a12c0780