CVE-2024-10219

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-10219

Severity

Unknown

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints.

References

https://images.chainguard.dev/security/CGA-vcc6-j3hg-45m5
https://github.com/advisories/GHSA-rwwp-3rv3-j6q6
https://images.chainguard.dev/security/CGA-7j6v-63wc-7x4f
https://images.chainguard.dev/security/CGA-328w-fcc9-52wq
https://images.chainguard.dev/security/CGA-9gqp-cp96-4242
https://gitlab.com/gitlab-org/gitlab/-/issues/500134
https://hackerone.com/reports/2780353

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-10219

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources