An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.
History

Fri, 13 Dec 2024 02:00:00 +0000

Type         Values Removed   Values Added
Weaknesses                    NVD-CWE-noinfo
CPEs                          cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
                              cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Tue, 26 Nov 2024 21:15:00 +0000

Type         Values Removed   Values Added
Metrics                       ssvc
                              {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 Nov 2024 19:30:00 +0000

Type                  Values Removed   Values Added
Description                            An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.
Title                                  Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
First Time appeared                    Gitlab
                                       Gitlab gitlab
Weaknesses                             CWE-497
CPEs                                   cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products                     Gitlab
                                       Gitlab gitlab
References
Metrics                                cvssV3_1
                                       {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-11-26T19:22:52.689Z

Updated: 2024-11-26T20:26:23.503Z

Reserved: 2024-10-22T09:02:05.260Z

Link: CVE-2024-10240

Vulnrichment

Updated: 2024-11-26T20:24:52.122Z

NVD

Status: Analyzed

Published: 2024-11-26T20:15:24.487

Modified: 2024-12-13T01:37:16.177

Link: CVE-2024-10240

Redhat

No data.