An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API.
History

Thu, 12 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 11 Oct 2024 11:45:00 +0000

Type Values Removed Values Added
Description An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API.
Title Incorrect Provision of Specified Functionality in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-684
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-10-11T11:30:57.104Z

Updated: 2024-10-11T13:41:55.311Z

Reserved: 2024-05-16T14:02:33.104Z

Link: CVE-2024-5005

cve-icon Vulnrichment

Updated: 2024-10-11T13:41:50.961Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-11T13:15:16.317

Modified: 2024-12-12T19:55:10.777

Link: CVE-2024-5005

cve-icon Redhat

No data.