VDB

CVE-2024-3035

CVE-2024-3035 PUBLISHED

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.

EPSS 0.04% · 13.9th percentile

Risk Scores

EPSS Score
0.04%
13.9th percentile

Affected Products

VendorProductVersions
Bitnamigitlab8.12.0, 17.1.0, 17.2.0
Bitnamigitlab17.1.0, 17.2.0, 8.12.0

Timeline

  • Jan 21, 1970 Security Advisory
  • Aug 7, 2024 CVE Published
  • Aug 8, 2024 CVE Updated
  • Aug 13, 2024 EPSS Score
  • Sep 3, 2024 EPSS Score
  • Sep 24, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 14, 2024 EPSS Score
  • Nov 4, 2024 EPSS Score
  • Nov 25, 2024 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Jan 7, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›