Unrated severityNVD Advisory· Published Oct 10, 2024· Updated Oct 10, 2024
Inclusion of Sensitive Information in Source Code in GitLab
CVE-2024-9596
Description
An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 16.6
- (no CPE)range: >=16.6 <17.2.9 || >=17.3 <17.3.5 || >=17.4 <17.4.2
Patches
Vulnerability mechanics
References
1- gitlab.com/gitlab-org/gitlab/-/issues/493355mitreissue-trackingpermissions-required
News mentions
1- GitLab Critical Patch Release: 17.4.2, 17.3.5, 17.2.9GitLab Security Releases · Oct 9, 2024