CVE-2024-12431

Summary

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab15.5 < 17.5.5affected
GitLabGitLab17.6 < 17.6.3affected
GitLabGitLab17.7 < 17.7.1affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References