First published: Thu May 23 2024(Updated: )
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=16.10.0<16.10.6 | |
GitLab GitLab | >=16.10.0<16.10.6 | |
GitLab GitLab | >=16.11.0<16.11.3 | |
GitLab GitLab | >=16.11.0<16.11.3 | |
GitLab GitLab | =17.0.0 | |
GitLab GitLab | =17.0.0 |
Upgrade to versions 16.10.6, 16.11.3, 17.0.1 or above
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.