In GitLab CE/EE versions 17.0 to 17.0.3 and 17.1 to 17.1.1, a medium-severity vulnerability, CVE-2024-5257, was detected. A developer with the admin_compliance_framework role could change the URL for a group namespace. Currently, no fixed version is available for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5257.
GitLab: Role Allows URL Change for Group Namespace
by the Hossted team
18.07.2024