CVE-2024-10043

Name of the Vulnerable Software and Affected Versions GitLab EE versions 14.3 through 17.4.6 GitLab EE versions 17.5 through 17.5.4 GitLab EE versions 17.6 through 17.6.2

Description The issue is related to the Wiki History Diff feature in GitLab EE, which allows group users to view confidential incident titles, potentially leading to information disclosure. This is due to shortcomings in the authorization mechanism. The estimated number of potentially affected devices is not specified.

Recommendations For GitLab EE versions 14.3 through 17.4.6, update to version 17.4.6 or later to resolve the issue. For GitLab EE versions 17.5 through 17.5.4, update to version 17.5.4 or later to resolve the issue. For GitLab EE versions 17.6 through 17.6.2, update to version 17.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Wiki History Diff feature until a patch is available.