PT-2024-5968 · GitLab · GitLab CE/EE

Ricardobrito · Published 2024-04-23 · Updated 2024-09-05 · CVE-2024-7057

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 16.7 through 17.0.4
GitLab CE/EE versions 17.1 through 17.1.2
GitLab CE/EE versions 17.2 through 17.2.0

Description

The issue is related to insufficient authorization procedures in GitLab, allowing a remote attacker to gain unauthorized access to protected information. Specifically, an information disclosure vulnerability can expose job artifacts to users without the proper authorization level.

Recommendations

For GitLab CE/EE versions 16.7 through 17.0.4, update to version 17.0.5 or later.
For GitLab CE/EE versions 17.1 through 17.1.2, update to version 17.1.3 or later.
For GitLab CE/EE versions 17.2 through 17.2.0, update to version 17.2.1 or later.

Exploit

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2024-06776
BIT-GITLAB-2024-7057
CVE-2024-7057

Affected Products

GitLab
GitLab CE/EE