{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12244", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-12-05T14:30:37.459Z", "datePublished": "2025-04-24T07:31:11.125Z", "dateUpdated": "2025-04-24T15:23:11.499Z"}, "containers": {"cna": {"title": "Missing Authorization in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://[email protected]:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "17.7", "status": "affected", "lessThan": "17.9.7", "versionType": "semver"}, {"version": "17.10", "status": "affected", "lessThan": "17.10.5", "versionType": "semver"}, {"version": "17.11", "status": "affected", "lessThan": "17.11.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862: Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508046", "name": "GitLab Issue #508046", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2862754", "name": "HackerOne Bug Bounty Report #2862754", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 17.9.7, 17.10.5, 17.11.1 or above."}], "credits": [{"lang": "en", "value": "Thanks [mateuszek](https://hackerone.com/mateuszek) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-04-24T07:31:11.125Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-24T13:43:12.202214Z", "id": "CVE-2024-12244", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T15:23:11.499Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12244", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-24T13:43:12.202214Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T13:48:21.115Z"}}], "cna": {"title": "Missing Authorization in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [mateuszek](https://hackerone.com/mateuszek) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://[email protected]:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "17.7", "lessThan": "17.9.7", "versionType": "semver"}, {"status": "affected", "version": "17.10", "lessThan": "17.10.5", "versionType": "semver"}, {"status": "affected", "version": "17.11", "lessThan": "17.11.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 17.9.7, 17.10.5, 17.11.1 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508046", "name": "GitLab Issue #508046", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2862754", "name": "HackerOne Bug Bounty Report #2862754", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-04-24T07:31:11.125Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12244", "state": "PUBLISHED", "dateUpdated": "2025-04-24T15:23:11.499Z", "dateReserved": "2024-12-05T14:30:37.459Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2025-04-24T07:31:11.125Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "5F0499FE-AB96-4929-B157-EEF7E87941DD", "versionEndExcluding": "17.9.7", "versionStartIncluding": "17.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "95E72E4A-81D8-445D-A4BD-2F7A15ABB44D", "versionEndExcluding": "17.9.7", "versionStartIncluding": "17.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "C81D345F-13AE-4508-B4C6-60E361EADC00", "versionEndExcluding": "17.10.5", "versionStartIncluding": "17.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CA1D8D06-9A39-43E9-A638-5C82A59C00B4", "versionEndExcluding": "17.10.5", "versionStartIncluding": "17.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.11.0:*:*:*:community:*:*:*", "matchCriteriaId": "DC849E49-FBCD-4F20-BCFA-E28BC7FF640F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.11.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D30C941F-4464-4E1A-AA49-624F451A9A4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1."}, {"lang": "es", "value": "Se ha descubierto un problema en los controles de acceso que podr\u00eda permitir a los usuarios ver cierta informaci\u00f3n restringida del proyecto incluso cuando las funciones relacionadas est\u00e1n deshabilitadas en GitLab EE, lo que afecta a todas las versiones desde la 17.7 anterior a la 17.9.7, la 17.10 anterior a la 17.10.5 y la 17.11 anterior a la 17.11.1."}], "id": "CVE-2024-12244", "lastModified": "2025-08-08T16:54:18.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-04-24T08:15:14.020", "references": [{"source": "[email protected]", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508046"}, {"source": "[email protected]", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2862754"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "[email protected]", "type": "Primary"}]}

{}