admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-30xx/CVE-2024-3035.json
cad-safe-bot f4d5c1a5d9 Auto-Update: 2024-08-29T16:00:18.154321+00:00
2024-08-29 16:03:14 +00:00

154 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-3035",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-08-08T11:15:12.503",
"lastModified": "2024-08-29T15:55:30.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories."
},
{
"lang": "es",
"value": "Una vulnerabilidad de verificaci\u00f3n de permisos en GitLab CE/EE que afecta a todas las versiones desde 8.12 anterior a 17.0.6, 17.1 anterior a 17.1.4 y 17.2 anterior a 17.2.2 permiti\u00f3 que los tokens LFS leyeran y escribieran en los repositorios propiedad del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "8.12.0",
"versionEndExcluding": "17.0.6",
"matchCriteriaId": "B54ED79A-C1EA-4296-9553-595C2FED98D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.12.0",
"versionEndExcluding": "17.0.6",
"matchCriteriaId": "551EDDC6-ADAF-48D9-AFF6-246BD23EF79D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.1",
"versionEndExcluding": "17.1.4",
"matchCriteriaId": "1D5FC3BB-8A05-491A-8AB1-8D41CAF39AFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.4",
"matchCriteriaId": "6CA14692-9997-4A11-8B3D-29199A3498D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.2",
"matchCriteriaId": "153C136B-FF14-43EC-AE67-68273DF7D9ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.2",
"matchCriteriaId": "2BE7EFA9-D9B4-4E7E-81B2-597D3DC5756E"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452297",
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2424715",
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink