CVE-2024-4784

MEDIUM

GitLab EE <17.0.6-17.2.2 - Auth Bypass

Title source: llm
STIX 2.1

Description

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

References (2)

Core 2
Core References
Broken Link issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/461248
Permissions Required technical-description exploit permissions-required
https://hackerone.com/reports/2486223

Scores

CVSS v3 4.2
EPSS 0.0027
EPSS Percentile 18.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-305 CWE-287
Status published
Products (1)
gitlab/gitlab 16.7.0 - 17.0.6
Published Aug 08, 2024
Tracked Since Feb 18, 2026