Unrated severity · NVD Advisory · Published Sep 26, 2024 · Updated Sep 26, 2024
Incorrect Synchronization in GitLab
CVE-2024-4278
Description
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 16.5)
- (no CPE) range: >=16.5 <17.2.8, >=17.3 <17.3.4, >=17.4 <17.4.1
References
- hackerone.com/reports/2466205 (mitre: technical-description, exploit, permissions-required)
- gitlab.com/gitlab-org/gitlab/-/issues/458484 (mitre: issue-tracking, permissions-required)
News mentions
- GitLab Patch Release: 17.4.1, 17.3.4, 17.2.8 (GitLab Security Releases · Sep 25, 2024)