CVE-2024-4784

Summary

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab16.7 < 17.0.6affected
GitLabGitLab17.1 < 17.1.4affected
GitLabGitLab17.2 < 17.2.2affected

Weaknesses

  • CWE-305: CWE-305: Authentication Bypass by Primary Weakness

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References