CVE-2024-12244

MEDIUM

GitLab 17.7-17.9.6, 17.10-17.10.4, 17.11 - Missing Authorization

Title source: llm
STIX 2.1

Description

An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1.

References (2)

Core 2
Core References
Exploit, Issue Tracking issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/508046
Permissions Required technical-description exploit permissions-required
https://hackerone.com/reports/2862754

Scores

CVSS v3 4.3
EPSS 0.0008
EPSS Percentile 23.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
gitlab/gitlab 17.11.0 (2 CPE variants)
gitlab/gitlab 17.7.0 - 17.9.7 (2 CPE variants)
Published Apr 24, 2025
Tracked Since Feb 18, 2026