CVE-2024-3127

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published: Aug 22, 2024
Updated: Aug 23, 2024
CWE ID 284

Summary

CVE-2024-3127 is a vulnerability affecting GitLab EE across several release lines: all versions from 12.5 prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. The issue may allow unauthorized users to bypass a group's IP restrictions via the GraphQL API, enabling them to perform certain group-level actions without proper authorization. The vulnerability has a medium severity rating with an exploitability score of 2.8, meaning it is exploitable over the network with low privileges and no user interaction. To remediate this issue, organizations should upgrade their GitLab EE installations to 17.1.6, 17.2.4, or 17.3.1 (or later, according to the release line in use) as soon as possible to mitigate the risk of unauthorized group-level access within their environments.

