CVE-2024-4278

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.4.0:*:*:*:enterprise:*:*:*

History

08 Oct 2024, 19:51

Type Values Removed Values Added
CWE CWE-662 NVD-CWE-Other

26 Sep 2024, 16:55

Type Values Removed Values Added
First Time Gitlab
Gitlab gitlab
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 2.7
CWE CWE-662
References () https://gitlab.com/gitlab-org/gitlab/-/issues/458484 - () https://gitlab.com/gitlab-org/gitlab/-/issues/458484 - Broken Link
References () https://hackerone.com/reports/2466205 - () https://hackerone.com/reports/2466205 - Permissions Required
CPE cpe:2.3:a:gitlab:gitlab:17.4.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Se ha descubierto un problema de divulgación de información en GitLab EE que afecta a todas las versiones a partir de la 16.5 anterior a la 17.2.8, de la 17.3 anterior a la 17.3.4 y de la 17.4 anterior a la 17.4.1. Un mantenedor podría obtener una contraseña de proxy de dependencia editando una determinada configuración de proxy de dependencia.

26 Sep 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 07:15

Updated : 2024-10-08 19:51


NVD link : CVE-2024-4278

Mitre link : CVE-2024-4278

CVE.ORG link : CVE-2024-4278


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-Other CWE-821

Incorrect Synchronization