Vulnerabilities > CVE-2024-5257 - Unspecified vulnerability in Gitlab

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

gitlab

NVD

Published: 2024-07-11

Updated: 2024-07-12

Summary

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.

Vulnerable Configurations

Part	Description	Count
Application	Gitlab Gitlab Gitlab 17.1.0 Gitlab Gitlab 17.1.1 Gitlab Gitlab 17.0.0 Gitlab Gitlab 17.0.1 Gitlab Gitlab 17.0.2 Gitlab Gitlab 17.0.3	12

References

https://gitlab.com/gitlab-org/gitlab/-/issues/463149
https://hackerone.com/reports/2513934