VDB

CVE-2024-11669

CVE-2024-11669 PUBLISHED

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.

EPSS 0.02% · 5.2th percentile

Risk Scores

EPSS Score
0.02%
5.2th percentile

Affected Products

VendorProductVersions
Bitnamigitlab17.6.0, 17.5.0, 16.9.8
Bitnamigitlab16.9.8, 17.5.0, 17.6.0

Timeline

  • Jan 21, 1970 Security Advisory
  • Nov 26, 2024 PoC Published
  • Nov 26, 2024 CVE Published
  • Nov 27, 2024 EPSS Score
  • Nov 27, 2024 Coalition ESS Score
  • Dec 15, 2024 EPSS Score
  • Dec 18, 2024 Coalition ESS Score
  • Jan 1, 2025 EPSS Score
  • Jan 18, 2025 EPSS Score
  • Feb 5, 2025 EPSS Score
  • Feb 22, 2025 EPSS Score
  • Mar 11, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›