PT-2024-30151 · Gitlab · Gitlab Ce/Ee+1
Ac7N0
·
Published
2024-09-25
·
Updated
2024-10-08
·
CVE-2024-4278
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab EE versions 16.5 through 17.2.7
GitLab EE versions 17.3 through 17.3.3
GitLab EE versions 17.4 through 17.4.0
Description
An information disclosure issue has been discovered in GitLab EE. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
Recommendations
For versions 16.5 through 17.2.7, update to version 17.2.8 or later.
For versions 17.3 through 17.3.3, update to version 17.3.4 or later.
For versions 17.4 through 17.4.0, update to version 17.4.1 or later.
As a temporary workaround, consider restricting access to the Dependency Proxy setting until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee