CVE-2024-6323: 
GitLab vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2024-6323) was discovered in GitLab Enterprise Edition affecting versions from 16.11 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. The vulnerability was reported by GitLab Team Member @joernchen and received a CVSS v3.1 base score of 7.5 (GitLab Release).

The vulnerability stems from an improper authorization implementation in the global search functionality of GitLab EE. The issue is classified under CWE-863 (Incorrect Authorization) and has been assigned a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, no privileges required, and high confidentiality impact (NVD).

The vulnerability allows an attacker to leak content of a private repository that exists within a public project, potentially exposing sensitive information. This represents a significant confidentiality breach as it could expose private code and sensitive data to unauthorized users (CERT-EU).

The vulnerability has been fixed in GitLab Enterprise Edition versions 16.11.5, 17.0.3, and 17.1.1. Organizations running affected versions are strongly recommended to upgrade to the patched versions immediately. GitLab.com has already been updated with the patched version (GitLab Release).