CVE-2024-11669
Incorrect Authorization in GitLab
Severity: HIGH (CVSS 3.1 base score 7.5); EPSS 0.02%
Description
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
How to fix CVE-2024-11669
To remediate CVE-2024-11669, upgrade the affected package to a fixed version below.
- upgrade to 17.4.5 or later
Is CVE-2024-11669 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 16.9.8, < 17.4.5; >= 17.5.0, < 17.5.3; >= 17.6.0, < 17.6.1
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |