Vulnerability Details CVE-2024-5430
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.8%
CVSS Severity
CVSS v3 Score 6.8
References
Products affected by CVE-2024-5430
-
cpe:2.3:a:gitlab:gitlab:16.10.0
-
cpe:2.3:a:gitlab:gitlab:16.10.1
-
cpe:2.3:a:gitlab:gitlab:16.10.10
-
cpe:2.3:a:gitlab:gitlab:16.10.2
-
cpe:2.3:a:gitlab:gitlab:16.10.3
-
cpe:2.3:a:gitlab:gitlab:16.10.4
-
cpe:2.3:a:gitlab:gitlab:16.10.5
-
cpe:2.3:a:gitlab:gitlab:16.10.6
-
cpe:2.3:a:gitlab:gitlab:16.10.7
-
cpe:2.3:a:gitlab:gitlab:16.10.8
-
cpe:2.3:a:gitlab:gitlab:16.10.9
-
cpe:2.3:a:gitlab:gitlab:16.11.0
-
cpe:2.3:a:gitlab:gitlab:16.11.1
-
cpe:2.3:a:gitlab:gitlab:16.11.2
-
cpe:2.3:a:gitlab:gitlab:16.11.3
-
cpe:2.3:a:gitlab:gitlab:16.11.4
-
cpe:2.3:a:gitlab:gitlab:17.0.0
-
cpe:2.3:a:gitlab:gitlab:17.0.1
-
cpe:2.3:a:gitlab:gitlab:17.0.2
-
cpe:2.3:a:gitlab:gitlab:17.1.0