CVE-2024-13041 – GitLab SAML Provider External Group Configuration Bypass Vulnerability

1月 9, 2025
8:17 am

CVE ID : CVE-2024-13041

Published : Jan. 9, 2025, 7:15 a.m. | 1 hour, 1 minute ago

Description : An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-13041 – GitLab SAML Provider External Group Configuration Bypass Vulnerability

Elvescore.io

Recent Posts

CVE-2025-21592 – Juniper Networks Junos OS SRX Series Information Disclosure Vulnerability

CVE-2025-21593 – “Juniper Networks Junos OS and Junos OS Evolved SRv6 BGP UPDATE Packet Denial-of-Service Vulnerability”

CVE-2025-21596 – Juniper Networks Junos OS SRX1500, SRX4100, SRX4200 Denial of Service (DoS) Command Injectionunga

CVE-2025-21599 – Juniper Networks Junos OS Evolved IPv6 Malformed Packet Memory Exhaustion Denial of Service

CVE-2025-21600 – “Juniper Networks Junos OS and Junos OS Evolved BGP Daemon OOB Read DoS”

CVE-2025-21602 – Juniper Networks Junos OS and Junos OS Evolved BGP Routing Protocol Denial of Service

CVE-2024-13041 – GitLab SAML Provider External Group Configuration Bypass Vulnerability

CVE-2024-13041 – GitLab SAML Provider External Group Configuration Bypass Vulnerability