Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-j94v-jxmv-27r2

Опубликовано: 09 янв. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 4.2

Описание

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

Ссылки

EPSS

Процентиль: 2%
0.00016
Низкий

4.2 Medium

CVSS3

CVE ID

CVE-2024-13041

Дефекты

CWE-286

Связанные уязвимости

ubuntu логотип

CVE-2024-13041

CVSS3: 4.2
ubuntu
6 месяцев назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

nvd логотип

CVE-2024-13041

CVSS3: 4.2
nvd
6 месяцев назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

debian логотип

CVE-2024-13041

CVSS3: 4.2
debian
6 месяцев назад

An issue was discovered in GitLab CE/EE affecting all versions startin ...

fstec логотип

BDU:2025-00323

CVSS3: 4.2
fstec
6 месяцев назад

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE, связанная с неправильным управлением действиями пользователя, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 2%
0.00016
Низкий

4.2 Medium

CVSS3

CVE ID

CVE-2024-13041

Дефекты

CWE-286