4.9

CVE-2024-5067

Exploit

Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditionenterprise Version >= 16.11 < 17.0.5
GitlabGitLab SwEditionenterprise Version >= 17.1 < 17.1.3
GitlabGitLab SwEditionenterprise Version >= 17.2 < 17.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.54% 0.413
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
cve@gitlab.com 4.4 0.7 3.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://gitlab.com/gitlab-org/gitlab/-/issues/458504
Broken Link
https://gitlab.com/gitlab-org/gitlab/-/issues/462427
Vendor Advisory
Exploit
Issue Tracking
https://hackerone.com/reports/2462303
Permissions Required
https://hackerone.com/reports/2502047
Permissions Required