CVE-2024-5430

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.10 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1

Description: The issue is related to insufficient access control in the implementation of the GitLab platform's application programming interface for collaborative code work. This can allow a remote attacker to gain read, modify, or delete access to data. Specifically, a project maintainer can delete the merge request approval policy via graphQL.

Recommendations: For versions 16.10 through 16.11.5, update to version 16.11.5 or later. For versions 17.0 through 17.0.3, update to version 17.0.3 or later. For versions 17.1 through 17.1.1, update to version 17.1.1 or later. As a temporary workaround, consider restricting access to the graphQL endpoint to minimize the risk of exploitation.