PT-2024-5967 · GitLab · GitLab CE/EE

Luke Duncalfe · Published 2024-04-23 · Updated 2024-09-05 · CVE-2024-7060

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 15.4 through 17.0.4
GitLab CE/EE versions 17.1 through 17.1.2
GitLab CE/EE versions 17.2 through 17.2.0

Description

This is an information disclosure vulnerability in the project/group export component of GitLab. It is caused by a weakness in the authorization procedure: the access check applied to the resulting export file is insufficient, so a remote attacker who is not authorized to see the project or group contents can nonetheless view the generated export and the protected information it contains.

Recommendations

For GitLab CE/EE versions 15.4 through 17.0.4, update to version 17.0.5 or later.
For GitLab CE/EE versions 17.1 through 17.1.2, update to version 17.1.3 or later.
For GitLab CE/EE versions 17.2 through 17.2.0, update to version 17.2.1 or later.

Weakness Enumeration

Improper Access Control
Information Disclosure

Related Identifiers

BDU:2024-06774
BIT-GITLAB-2024-7060
CVE-2024-7060

Affected Products

GitLab
GitLab CE/EE