CVE-2024-11668 — Vulnetix

CVE-2024-11668 PUBLISHED

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.

EPSS 0.01% · 1.3th percentile

Risk Scores

EPSS Score

0.01%

1.3th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	16.11.0, 17.5.0, 17.6.0
Bitnami	gitlab	17.5.0, 17.6.0, 16.11.0

Timeline

Jan 21, 1970 Security Advisory
Nov 26, 2024 PoC Published
Nov 26, 2024 CVE Published
Nov 26, 2024 PoC Published
Nov 27, 2024 EPSS Score
Dec 12, 2024 CVE Updated
Dec 15, 2024 EPSS Score
Jan 1, 2025 EPSS Score
Jan 2, 2025 Coalition ESS Score
Jan 18, 2025 EPSS Score
Feb 5, 2025 EPSS Score
Feb 13, 2025 Coalition ESS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/456922 url
https://nvd.nist.gov/vuln/detail/CVE-2024-11668 url

Open in Interactive Console →