Home > Vulnerability Database > CVE-2024-11669

Mend.io Vulnerability Database

CVE-2024-11669

Date: November 26, 2024

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.

Language: Ruby

Severity Score

6.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-11669

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/501528

Url: https://www.mend.io/vulnerability-database/CVE-2024-11669

Severity Score

6.5

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-11669

Date: November 26, 2024

Language: Ruby

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?