{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "16.11" }, { "fixed": "17.4.5" } ] }, "events": [ { "introduced": "22834294718a25956b0a859c8eed72248300eeee" }, { "fixed": "3ead12a16d7bd8f1c481504e03042aaf6e10f108" } ], "repo": "https://gitlab.com/gitlab-org/gitlab", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "17.5" }, { "fixed": "17.5.3" } ] }, "events": [ { "introduced": "173959793c1163052d16c2158773ea9504aa712e" }, { "fixed": "9d81c27eee72f4a5fca5ced8394b72df155e1646" } ], "repo": "https://gitlab.com/gitlab-org/gitlab", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "17.6" }, { "fixed": "17.6.1" } ] }, "events": [ { "introduced": "a8830741d3c4ad7f6a70eed38ee7af31f298d093" }, { "fixed": "5f698b15f67b3a7a905ec04dd65ea086376e749a" } ], "repo": "https://gitlab.com/gitlab-org/gitlab", "type": "GIT" } ] } ], "database_specific": { "cna_assigner": "GitLab", "cwe_ids": [ "CWE-613" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/11xxx/CVE-2024-11668.json" }, "details": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.", "id": "CVE-2024-11668", "modified": "2026-04-01T23:07:51.899578359Z", "published": "2024-11-26T18:30:45.846Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/11xxx/CVE-2024-11668.json" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11668" }, { "type": "REPORT", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/456922" }, { "type": "PACKAGE", "url": "git://git@gitlab.com:gitlab-org/gitlab.git" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "type": "CVSS_V3" } ], "summary": "Insufficient Session Expiration in GitLab" }