July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Microsoft Products Vulnerabilities
May 6, 2025UDP Vulnerability in Windows Deployment Services Enables Zero-Click System Crashes
May 6, 2025Multiple Microsoft Products Vulnerabilities
May 6, 2025UDP Vulnerability in Windows Deployment Services Enables Zero-Click System Crashes
May 6, 2025
Severity
Medium
Analysis Summary
CVE-2024-11669 CVSS:6.5
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
CVE-2024-11828 CVSS:4.3
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.
Impact
- Information Disclosure
- Denial of Service
Indicators of Compromise
CVE
CVE-2024-11669
CVE-2024-11828
Affected Vendors
- GitLab
Affected Products
- GitLab - 17.5
- GitLab - 17.6
- GitLab - 16.9.8
- GitLab - 13.2.4
Remediation
Upgrade to the latest version of GitLab, available from the GitLab Website.