CVE-2024-8974

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.6 through 17.2.7 GitLab versions 17.3 through 17.3.3 GitLab versions 17.4 through 17.4.0

Description: The issue is related to errors in representation of given functions in the GitLab platform, allowing a remote attacker to gain unauthorized access to protected information. In specific conditions, it was possible to disclose the path of a private project to an unauthorized user.

Recommendations: For GitLab versions 15.6 through 17.2.7, update to version 17.2.8 or later. For GitLab versions 17.3 through 17.3.3, update to version 17.3.4 or later. For GitLab versions 17.4 through 17.4.0, update to version 17.4.1 or later.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-684

Related Identifiers

BDU:2024-07917

BIT-GITLAB-2024-8974

CVE-2024-8974

Affected Products

Gitlab

CVE-2024-8974

Weakness Enumeration

Related Identifiers

Affected Products

References · 15