exploitDog

CVE-2024-13041

Published: 09 Jan 2025
Source: nvd
CVSS3: 4.2
EPSS: Low

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

EPSS

Percentile: 2%
0.00016
Low

4.2 Medium

CVSS3

Weaknesses

CWE-286

Related vulnerabilities

CVSS3: 4.2
ubuntu
5 months ago

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

CVSS3: 4.2
debian
5 months ago

An issue was discovered in GitLab CE/EE affecting all versions startin ...

CVSS3: 4.2
github
5 months ago

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

CVSS3: 4.2
fstec
5 months ago

A vulnerability in GitLab EE/CE, a git-based software platform for collaborative work on code, caused by incorrect management of user actions, which allows an attacker to gain unauthorized access to protected information
