An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Dec 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
Tue, 26 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 26 Nov 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances. | |
Title | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-497 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-11-26T19:22:52.689Z
Updated: 2024-11-26T20:26:23.503Z
Reserved: 2024-10-22T09:02:05.260Z
Link: CVE-2024-10240
Vulnrichment
Updated: 2024-11-26T20:24:52.122Z
NVD
Status : Analyzed
Published: 2024-11-26T20:15:24.487
Modified: 2024-12-13T01:37:16.177
Link: CVE-2024-10240
Redhat
No data.