Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-13041

Опубликовано: 09 янв. 2025
Источник: ubuntu
Приоритет: negligible
EPSS Низкий
CVSS3: 4.2

Описание

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

РелизСтатусПримечание
devel

DNE

esm-apps/xenial

ignored

esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 2%
0.00016
Низкий

4.2 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-13041

CVSS3: 4.2
nvd
5 месяцев назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

debian логотип

CVE-2024-13041

CVSS3: 4.2
debian
5 месяцев назад

An issue was discovered in GitLab CE/EE affecting all versions startin ...

github логотип

GHSA-j94v-jxmv-27r2

CVSS3: 4.2
github
5 месяцев назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

fstec логотип

BDU:2025-00323

CVSS3: 4.2
fstec
5 месяцев назад

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE, связанная с неправильным управлением действиями пользователя, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 2%
0.00016
Низкий

4.2 Medium

CVSS3