CVE-2024-6356

MEDIUM

GitLab 16.0.0-17.0.5 17.1.0-17.1.3 17.2.0-17.2.1 - Incorrect User Management

Title source: llm
STIX 2.1

Description

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot.

References (2)

Core 2
Core References
Exploit, Issue Tracking issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/469108
Permissions Required technical-description exploit permissions-required
https://hackerone.com/reports/2575051

Scores

CVSS v3 4.4
EPSS 0.0004
EPSS Percentile 11.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-286
Status published
Products (1)
gitlab/gitlab 16.0.0 - 17.0.6
Published Feb 05, 2025
Tracked Since Feb 18, 2026