VYPR
Unrated severity · NVD Advisory · Published Sep 26, 2024 · Updated Sep 26, 2024

Incorrect Synchronization in GitLab

CVE-2024-4278

Description

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* range: 16.5
    • (no CPE) range: >=16.5 <17.2.8, >=17.3 <17.3.4, >=17.4 <17.4.1
  • osv-coords
    Range: >= 16.5.0, < 17.2.8
