Home > Vulnerability Database > CVE-2024-3035

Mend.io Vulnerability Database

CVE-2024-3035

Good to know:

Date: August 8, 2024

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.

Language: Ruby

Severity Score

6.8

Related Resources (4)

Url: https://hackerone.com/reports/2424715

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-3035

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/452297

Url: https://www.mend.io/vulnerability-database/CVE-2024-3035

Severity Score

6.8

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version v17.0.6,v17.1.4,v17.2.2

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-3035

Good to know:

Date: August 8, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?