{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6323","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2024-06-25T13:25:40.311Z","datePublished":"2024-06-26T23:30:40.557Z","dateUpdated":"2024-09-17T17:03:09.769Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","vendor":"GitLab","versions":[{"lessThan":"16.11.5","status":"affected","version":"16.11.0","versionType":"semver"},{"lessThan":"17.0.3","status":"affected","version":"17.0.0","versionType":"semver"},{"lessThan":"17.1.1","status":"affected","version":"17.1.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"This vulnerability has been discovered internally by @joernchen."}],"descriptions":[{"lang":"en","value":"Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-863","description":"CWE-863: Incorrect Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2024-08-30T13:24:43.223Z"},"references":[{"name":"GitLab Issue #457912","tags":["issue-tracking","permissions-required"],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/457912"}],"solutions":[{"lang":"en","value":"Upgrade to versions 16.11.5, 17.0.3, 17.1.1 or above."}],"title":"Improper Isolation or Compartmentalization in GitLab"},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-02T15:49:24.654987Z","id":"CVE-2024-6323","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-17T17:03:09.769Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:33:05.449Z"},"title":"CVE Program Container","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/457912","name":"GitLab Issue #457912","tags":["issue-tracking","permissions-required","x_transferred"]}]}]}}