PT-2024-5974 · Gitlab · Gitlab Ce/Ee (+1)
Yvvdwf
Published: 2024-04-23 · Updated: 2024-09-05
CVE-2024-5067
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab EE versions 16.11 through 17.0.4
GitLab EE versions 17.1 through 17.1.2
GitLab EE versions 17.2 through 17.2.0
Description
The issue stems from insufficient authorization checks in the settings handler component of the GitLab platform, which allow a remote, authenticated attacker to gain unauthorized access to protected information. Certain project-level analytics settings could be leaked in the DOM to group members with the Developer role or higher.
Recommendations
For GitLab EE versions 16.11 through 17.0.4, update to version 17.0.5 or later.
For GitLab EE versions 17.1 through 17.1.2, update to version 17.1.3 or later.
For GitLab EE versions 17.2 through 17.2.0, update to version 17.2.1 or later.
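An administrator's first question is whether a given instance falls inside one of the three affected ranges above. The script below, added here as an example and not part of this advisory or of GitLab's own tooling, encodes those ranges verbatim and compares them against an installed version string; the function names are this example's own, and the handling of a trailing `-ee` edition suffix assumes the `MAJOR.MINOR.PATCH-ee` form GitLab prints for its version.

```python
"""Check an installed GitLab version against the affected ranges listed in
this advisory (CVE-2024-5067). Added example; the ranges are copied from the
advisory text, the helper names are this example's own."""
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed), exactly as the advisory lists them
AFFECTED_RANGES = [
    ("16.11", "17.0.4", "17.0.5"),
    ("17.1", "17.1.2", "17.1.3"),
    ("17.2", "17.2.0", "17.2.1"),
]


def parse_version(text: str) -> Version:
    """Turn '17.0.4', '16.11' or '17.1.2-ee' into a 3-tuple; missing parts are 0.

    The advisory writes range bounds such as '16.11' without a patch level,
    so a missing component is treated as 0 (16.11 == 16.11.0).
    """
    core = text.strip().split("-", 1)[0]  # drop an edition suffix such as '-ee' (assumed format)
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def recommended_fix(installed: str) -> Optional[str]:
    """Return the version to update to if `installed` lies in an affected range, else None."""
    v = parse_version(installed)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return fixed
    return None


def is_affected(installed: str) -> bool:
    """True when the advisory's recommendation applies to this version."""
    return recommended_fix(installed) is not None


if __name__ == "__main__":
    import sys

    # Constructed default input; pass the real version string as the first argument.
    ver = sys.argv[1] if len(sys.argv) > 1 else "17.1.2-ee"
    fix = recommended_fix(ver)
    if fix:
        print(f"{ver}: affected by CVE-2024-5067, update to {fix} or later")
    else:
        print(f"{ver}: not within the advisory's affected ranges")
```

The check only compares version numbers; the advisory names EE releases, and the script does not verify which edition is installed, so treat a "not affected" result for a CE version string as a statement about the listed ranges rather than about the edition.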
Weakness types: Improper Access Control, Information Disclosure
Affected Products: Gitlab, Gitlab Ce/Ee