CVE-2024-1539: Missing Authorization in GitLab
First published: Wed Feb 05 2025(Updated: )
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab Enterprise Edition | >=15.2<16.9.7>=16.10<16.10.5>=16.11<16.11.2 |
Remedy
Upgrade to versions 16.11.2, 16.10.5, 16.9.7 or above.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-1539?
CVE-2024-1539 is classified as a medium severity vulnerability.
How do I fix CVE-2024-1539?
To fix CVE-2024-1539, upgrade GitLab EE to versions 16.9.7, 16.10.5, or 16.11.2 or later.
What does CVE-2024-1539 affect?
CVE-2024-1539 affects GitLab EE versions starting from 15.2 up to 16.9.7, and from 16.10 up to 16.10.5, and from 16.11 up to 16.11.2.
Who is impacted by CVE-2024-1539?
CVE-2024-1539 impacts banned group members who could potentially access issue updates through the API.
How was CVE-2024-1539 discovered?
CVE-2024-1539 was discovered as an API vulnerability that could lead to unintended data disclosures.
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/weakness
- agent/source
- agent/last-modified-date
- agent/type
- agent/description
- agent/title
- agent/references
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab enterprise edition