{"id":"CVE-2024-6502","summary":"Incorrect Provision of Specified Functionality in GitLab","details":"An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.","aliases":["BIT-gitlab-2024-6502"],"modified":"2026-04-10T05:19:22.571334Z","published":"2024-08-22T15:30:52.480Z","database_specific":{"cna_assigner":"GitLab","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6502.json","cwe_ids":["CWE-684"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6502.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6502"},{"type":"REPORT","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/470647"},{"type":"REPORT","url":"https://hackerone.com/reports/2574561"},{"type":"PACKAGE","url":"git://git@gitlab.com:gitlab-org/gitlab.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"07140614ca47a39ac24c725298dd8ab9e9b6033f"},{"fixed":"668f9811406b9870ad522cb835a2ced5a12c0780"}],"database_specific":{"versions":[{"introduced":"8.2"},{"fixed":"17.1.6"}]}},{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"f1ebbe522423b514610449d0f6dc7a262f855314"},{"fixed":"2c8b5432e8b6cbec3e12a9c1b5cb5567aa422b3c"}],"database_specific":{"versions":[{"introduced":"17.2"},{"fixed":"17.2.4"}]}},{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"5aad128b1defa01641e69fdcd5a2ec16bd1d4c2c"},{"fixed":"df01858216e720acb4491a69a3bc6227a1f6ae1e"}],"database_specific":{"versions":[{"introduced":"17.3"},{"fixed":"17.3.1"}]}}],"versions":["v17.2.0-ee","v17.3.0-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6502.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"}]}