Unrated severity · NVD Advisory · Published Sep 12, 2024 · Updated Sep 13, 2024
Generation of Error Message Containing Sensitive Information in GitLab
CVE-2024-5435
Description
An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, and all versions starting from 17.3 before 17.3.2. Affected versions disclose the user password from the repository mirror configuration.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 15.10)
- (no CPE) range: >=15.10 <17.1.7 || >=17.2 <17.2.5 || >=17.3 <17.3.2
References
- hackerone.com/reports/2520722 (mitre; technical-description, exploit, permissions-required)
- gitlab.com/gitlab-org/gitlab/-/issues/464044 (mitre; issue-tracking, permissions-required)
News mentions
- GitLab Critical Patch Release: 17.3.2, 17.2.5, 17.1.7 · GitLab Security Releases · Sep 11, 2024