GitLab 中的授权不正确(CVE-2024-2743)
CVE编号
CVE-2024-2743利用情况
暂无补丁情况
N/A披露时间
2024-09-13漏洞描述
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/451014 | |
https://hackerone.com/reports/2411756 |
受影响软件情况
# | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
1 | |||||||||
---|---|---|---|---|---|---|---|---|---|
运行在以下环境 | |||||||||
系统 | alma_linux_8 | kernel | * | Up to (excluding) 4.18.0-553.16.1.rt7.357.el8_10 | |||||
运行在以下环境 | |||||||||
系统 | amazon_2023 | kernel | * | Up to (excluding) 6.1.84-99.169.amzn2023 | |||||
运行在以下环境 | |||||||||
系统 | anolis_os_8 | kernel | * | Up to (excluding) 4.18 | |||||
运行在以下环境 | |||||||||
系统 | opensuse_5.5 | kernel | * | Up to (excluding) 5.14.21-150500.13.64.1 | |||||
运行在以下环境 | |||||||||
系统 | opensuse_Leap_15.5 | kernel | * | Up to (excluding) 5.14.21-150500.33.60.1 | |||||
运行在以下环境 | |||||||||
系统 | opensuse_Leap_15.6 | kernel | * | Up to (excluding) 6.4.0-150600.8.5.4 | |||||
运行在以下环境 | |||||||||
系统 | oracle_8 | kernel | * | Up to (excluding) 4.18.0-553.16.1.el8_10 | |||||
运行在以下环境 | |||||||||
系统 | oracle_9 | kernel | * | Up to (excluding) 5.14.0-427.26.1.el9_4 | |||||
运行在以下环境 | |||||||||
系统 | redhat_8 | kernel | * | Up to (excluding) 4.18.0-553.16.1.el8_10 | |||||
运行在以下环境 | |||||||||
系统 | redhat_9 | kernel | * | Up to (excluding) 7.3.0-427.31.1.el9_4 | |||||
运行在以下环境 | |||||||||
系统 | rocky_linux_8 | kernel | * | Up to (excluding) 4.18.0-553.16.1.rt7.357.el8_10 | |||||
运行在以下环境 | |||||||||
系统 | rocky_linux_9 | kernel | * | Up to (excluding) 5.14.0-427.26.1.el9_4 | |||||
运行在以下环境 | |||||||||
系统 | suse_12.sp5 | kernel | * | Up to (excluding) 4.12.14-16.194.1 | |||||
- 攻击路径 N/A
- 攻击复杂度 N/A
- 权限要求 N/A
- 影响范围 N/A
- 用户交互 N/A
- 可用性 N/A
- 保密性 N/A
- 完整性 N/A
CWE-ID | 漏洞类型 |
Exp相关链接

版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论