CVE-2024-11669

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9.8 through 17.4.5 GitLab CE/EE versions 17.5 through 17.5.3 GitLab CE/EE versions 17.6 through 17.6.1

Description: The issue is related to the incorrect handling of token scopes in GitLab CE/EE, which could allow unauthorized access to sensitive data through certain API endpoints. This is due to the overly broad application of token scopes. The vulnerability may be exploited by a remote attacker to gain unauthorized access to protected information.

Recommendations: For GitLab CE/EE versions 16.9.8 through 17.4.5, update to a version after 17.4.5 to resolve the issue. For GitLab CE/EE versions 17.5 through 17.5.3, update to a version after 17.5.3 to resolve the issue. For GitLab CE/EE versions 17.6 through 17.6.1, update to a version after 17.6.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive API endpoints until a patch is available.