{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-12244","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2024-12-05T14:30:37.459Z","datePublished":"2025-04-24T07:31:11.125Z","dateUpdated":"2025-04-24T15:23:11.499Z"},"containers":{"cna":{"title":"Missing Authorization in GitLab","descriptions":[{"lang":"en","value":"An issue has been discovered in access controls that could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1."}],"affected":[{"vendor":"GitLab","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"versions":[{"version":"17.7","status":"affected","lessThan":"17.9.7","versionType":"semver"},{"version":"17.10","status":"affected","lessThan":"17.10.5","versionType":"semver"},{"version":"17.11","status":"affected","lessThan":"17.11.1","versionType":"semver"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-862: Missing Authorization","cweId":"CWE-862","type":"CWE"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/508046","name":"GitLab Issue #508046","tags":["issue-tracking","permissions-required"]},{"url":"https://hackerone.com/reports/2862754","name":"HackerOne Bug Bounty Report #2862754","tags":["technical-description","exploit","permissions-required"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"}}],"solutions":[{"lang":"en","value":"Upgrade to versions 17.9.7, 17.10.5, 17.11.1 or above."}],"credits":[{"lang":"en","value":"Thanks [mateuszek](https://hackerone.com/mateuszek) for reporting this vulnerability through our HackerOne bug bounty program","type":"finder"}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2025-04-24T07:31:11.125Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-24T13:43:12.202214Z","id":"CVE-2024-12244","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-24T15:23:11.499Z"}}]}}