CVE-2024-4784

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-4784
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4784.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-4784
Aliases
Downstream
Published
2024-08-08T10:02:19.809Z
Modified
2025-12-05T07:27:35.539151Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Authentication Bypass by Primary Weakness in GitLab
Details

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

Database specific 
{
    "cwe_ids": [
        "CWE-305"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4784.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
9e7d34f7ff11405ece06ec398b66965d153cee6f
Fixed
0769166123e68c6e8fcf99c499c399b8812e9a82
Database specific 
{
    "versions": [
        {
            "introduced": "16.7"
        },
        {
            "fixed": "17.0.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
b7514f9c21c09a9ed2b258f5cfdd56c88f43864a
Fixed
c11684311cb582565711ac4c83ba4764aa73c8f7
Database specific 
{
    "versions": [
        {
            "introduced": "17.1"
        },
        {
            "fixed": "17.1.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
f1ebbe522423b514610449d0f6dc7a262f855314
Fixed
49db6c4d6ac633e3d64f9c72a89c1af9f7c5d575
Database specific 
{
    "versions": [
        {
            "introduced": "17.2"
        },
        {
            "fixed": "17.2.2"
        }
    ]
}

Affected versions

v17.*

v17.1.0-ee
v17.1.1-ee
v17.1.2-ee
v17.1.3-ee
v17.2.0-ee
v17.2.1-ee