CVE-2024-5318

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/427526	Exploit Issue Tracking
https://hackerone.com/reports/2189464	Permissions Required
https://gitlab.com/gitlab-org/gitlab/-/issues/427526	Exploit Issue Tracking
https://hackerone.com/reports/2189464	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:17.0.0::::community:::
	cpe:2.3:a:gitlab:gitlab:17.0.0::::enterprise:::

History

13 Dec 2024, 17:04

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gitlab:gitlab:17.0.0::::community::: cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:17.0.0::::enterprise::: cpe:2.3:a:gitlab:gitlab:::::community:::*
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/427526 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/427526 - Exploit, Issue Tracking
References	~~() https://hackerone.com/reports/2189464 -~~	() https://hackerone.com/reports/2189464 - Permissions Required
First Time		Gitlab Gitlab gitlab

21 Nov 2024, 09:47

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/427526 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/427526 -
References	~~() https://hackerone.com/reports/2189464 -~~	() https://hackerone.com/reports/2189464 -

03 Oct 2024, 07:15

Type	Values Removed	Values Added
CWE	~~CWE-284~~	CWE-862
Summary		(es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde la 11.11 anterior a la 16.10.6, desde la 16.11 anterior a la 16.11.3 y desde la 17.0 anterior a la 17.0.1. Un usuario invitado puede ver listas de dependencias de proyectos privados a través de artefactos de trabajo.

24 May 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-24 13:15

Updated : 2024-12-13 17:04

NVD link : CVE-2024-5318

Mitre link : CVE-2024-5318

CVE.ORG link : CVE-2024-5318

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-862

Missing Authorization

4.0 /10