redhatcve | Redhat.com | RH:CVE-2024-1347
Apr 25, 2024 - 12:04 p.m.

CVE-2024-1347

2024-04-25 12:04:39
redhat.com
access.redhat.com
gitlab
flaw
domain-based restriction

CVSS3: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 4.4 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.0%)

A flaw was found in GitLab CE/EE. Under certain conditions, an attacker, through a crafted email address, can bypass domain-based restrictions on an instance or a group. This issue affects all versions through 16.9.6, 16.10 through 16.10.4, and 16.11 through 16.11.1.
