CVE-2024-5470 | GitLab Community Edition/Enterprise Edition up to 17.0.3/17.1.1 Project-level Deploy Token admin_push_rules access control (Issue 464312)

Posted by Angelo Barbosa | Jul 11, 2024 | CVE

A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 17.0.3/17.1.1. This issue affects the function admin_push_rules of the component Project-level Deploy Token Handler. The manipulation leads to improper access controls.

The identification of this vulnerability is CVE-2024-5470. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-5470 | GitLab Community Edition/Enterprise Edition up to 17.0.3/17.1.1 Project-level Deploy Token admin_push_rules access control (Issue 464312)

Related Posts

CVE-2023-49417 | Totolink A7000R 9.1.0u.6115_B20201022 setOpModeCfg stack-based overflow

CVE-2024-43188 | IBM Business Automation Workflow 22.0.2/23.0.1/23.0.2/24.0.0 client-side enforcement of server-side security

CVE-2024-22211 | FreeRDP up to 2.11.4/3.1.x planar.c freerdp_bitmap_planar_context_reset heap-based overflow (GHSA-rjhp-44rv-7v59)

CVE-2023-7032 | Schneider Electric Easergy Studio up to 9.3.5 deserialization (SEVD-2024-009-02)