5.3

CVE-2024-10240

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitlab SwEditioncommunity Version >= 17.3.0 < 17.3.7
GitlabGitlab SwEditionenterprise Version >= 17.3.0 < 17.3.7
GitlabGitlab SwEditioncommunity Version >= 17.4.0 < 17.4.4
GitlabGitlab SwEditionenterprise Version >= 17.4.0 < 17.4.4
GitlabGitlab SwEditioncommunity Version >= 17.5.0 < 17.5.2
GitlabGitlab SwEditionenterprise Version >= 17.5.0 < 17.5.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.355
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cve@gitlab.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.