CVE-2024-8974
EUVD-2024-4951626.09.2024, 23:15
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gitlab | gitlab | 15.6.0 ≤ 𝑥 < 17.2.8 |
| gitlab | gitlab | 15.6.0 ≤ 𝑥 < 17.2.8 |
| gitlab | gitlab | 17.3.0 ≤ 𝑥 < 17.3.4 |
| gitlab | gitlab | 17.3.0 ≤ 𝑥 < 17.3.4 |
| gitlab | gitlab | 17.4.0 |
| gitlab | gitlab | 17.4.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-684 - Incorrect Provision of Specified FunctionalityThe code does not function according to its published specifications, potentially leading to incorrect usage.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.