CVE-2024-6685

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-6685
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6685.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-6685
Aliases
Downstream
Published
2024-09-16T21:33:58.732Z
Modified
2026-03-12T17:26:53.326621Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Authorization Bypass Through User-Controlled Key in GitLab
Details

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.

Database specific 
{
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-639"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6685.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
9e7d34f7ff11405ece06ec398b66965d153cee6f
Fixed
84cf95d60d2691201b17bb4d41a95987ded847fb
Database specific 
{
    "versions": [
        {
            "introduced": "16.7"
        },
        {
            "fixed": "17.1.7"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
5aad128b1defa01641e69fdcd5a2ec16bd1d4c2c
Fixed
e57a21dee4e7487b5312c3b2c1f2db63efdbb773
Fixed
a141138e1e0577692eba3d1eb9215fd6f3639003
Database specific 
{
    "versions": [
        {
            "introduced": "17.3"
        },
        {
            "fixed": "17.2.5"
        },
        {
            "fixed": "17.3.2"
        }
    ]
}

Affected versions

v17.*
v17.3.0-ee
v17.3.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6685.json"