CVE-2024-1539

Summary

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab15.2 < 16.9.7affected
GitLabGitLab16.10 < 16.10.5affected
GitLabGitLab16.11 < 16.11.2affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References