CVE-2024-8116

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.9 through 17.4.5 GitLab CE/EE versions 17.5 through 17.5.3 GitLab CE/EE versions 17.6 through 17.6.1

Description An issue has been discovered in GitLab CE/EE, where an unauthorized user can retrieve branch names by using a specific GraphQL query under specific conditions. This is related to a lack of authorization in the GraphQL Query Handler component. The exploitation of this issue may allow a remote attacker to access confidential information.

Recommendations For GitLab CE/EE versions 16.9 through 17.4.5, update to version 17.4.6 or later. For GitLab CE/EE versions 17.5 through 17.5.3, update to version 17.5.4 or later. For GitLab CE/EE versions 17.6 through 17.6.1, update to version 17.6.2 or later. As a temporary workaround, consider restricting access to the GraphQL query endpoint to minimize the risk of exploitation.