Unrated severity · NVD Advisory · Published Sep 26, 2024 · Updated Sep 27, 2024
Incorrect Provision of Specified Functionality in GitLab
CVE-2024-8974
Description
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. Under specific conditions, it was possible to disclose the path of a private project to an unauthorised user.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 15.6)
- (no CPE) range: >=15.6, <17.2.8 | >=17.3, <17.3.4 | >=17.4, <17.4.1
References
- gitlab.com/gitlab-org/gitlab/-/issues/482843 (mitre; issue-tracking; permissions-required)
News mentions
- GitLab Patch Release: 17.4.1, 17.3.4, 17.2.8 · GitLab Security Releases · Sep 25, 2024