CVE-2024-4784 MEDIUM

CVE-2024-4784: Authentication Bypass by Primary Weakness in GitLab

Vendor GitLab
Product GitLab
Weakness CWE-305
Published August 8, 2024
Last update August 29, 2024

CVSS base score

4.2/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

An issue was discovered in GitLab EE, affecting versions from 16.7 before 17.0.6, from 17.1 before 17.1.4, and from 17.2 before 17.2.2, that allowed bypassing the password re-entry requirement to approve a policy.

Key dates

02 Disclosure timeline

August 8, 2024 CVE published
August 29, 2024 Record updated