Lucene search

Ubuntu.comUB:CVE-2024-4011

HistoryJun 27, 2024 - 12:00 a.m.

CVE-2024-4011

2024-06-2700:00:00

ubuntu.com

gitlab security version 16.1-17.1.1

unauthorized key promotion

low impact

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.5 Medium

AI Score

Confidence

Low

JSON

An issue was discovered in GitLab CE/EE affecting all versions starting
from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and
starting from 17.1 prior to 17.1.1, which allows non-project member to
promote key results to objectives.

Notes

Author	Note
	Priority reason: Low impact.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

gitlab.com/gitlab-org/gitlab/-/issues/457235

hackerone.com/reports/2456186

launchpad.net/bugs/cve/CVE-2024-4011

nvd.nist.gov/vuln/detail/CVE-2024-4011

security-tracker.debian.org/tracker/CVE-2024-4011

www.cve.org/CVERecord?id=CVE-2024-4011

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.5 Medium

AI Score

Confidence

Low

JSON

Related for UB:CVE-2024-4011