Get Started

GitLab: Vulnerability Allowing IP Restriction Bypass

by the Hossted team
26.08.2024

In GitLab versions starting from 12.5 before 17.1.6, versions starting from 17.2 before 17.2.4, and versions starting from 17.3 before 17.3.1 a medium severity vulnerability CVE-2024-3127 was detected. Under certain conditions, unauthorized users might be able to bypass IP restrictions for groups via GraphQL and perform some group-level actions. To fix this problem, users should upgrade to version 17.1.6, 17.2.4, 17.3.1, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-3127.

Related articles
OSSpedia
DevOps 2 Apr 2024 Maximize GitLab OSS: Powering DevOps with Open-Source Genius Developer Tools GIT
DevOps 14 Nov 2024 Gitlab: XSS Attacks in Specific Versions Developer Tools GIT