CVE-2024-6323

HIGH

GitLab EE <16.11.5, <17.0.3, <17.1.1 - Info Disclosure

Description

Improper authorization in global search in GitLab EE, affecting all versions from 16.11 prior to 16.11.5, from 17.0 prior to 17.0.3, and from 17.1 prior to 17.1.1, allows an attacker to leak the content of a private repository in a public project.

Scores

CVSS v3: 7.5
EPSS: 0.0007
EPSS Percentile: 20.6%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-863
Status: published
Products (2):
  gitlab/gitlab 17.1.0
  gitlab/gitlab 16.11.0 - 16.11.5
Published: Jun 27, 2024
Tracked Since: Feb 18, 2026