CVE-2024-4011: Improper Access Control in GitLab

3.1 CVSS

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives.

Classification

CVE ID: CVE-2024-4011

CVSS Base Severity: LOW

CVSS Base Score: 3.1

Affected Products

Vendor: GitLab

Product: GitLab

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.22% (scored less or equal to compared to others)

EPSS Date: 2025-02-07 (when was this score calculated)

References

https://gitlab.com/gitlab-org/gitlab/-/issues/457235
https://hackerone.com/reports/2456186

Timeline

2025-01-10 00:30:46 UTC
CVE

Improper Access Control in GitLab