CVE-2024-7060

An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.

CVSS v3 2.6 LOW

2.6^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/437894	Broken Link
https://gitlab.com/gitlab-org/gitlab/-/issues/437894	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

21 Nov 2024, 09:50

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/437894 - Broken Link~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/437894 - Broken Link
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 2.6

05 Sep 2024, 17:30

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
Summary		(es) Una vulnerabilidad de divulgación de información en GitLab CE/EE en exportaciones de proyectos/grupos que afecta a todas las versiones desde 15.4 anterior a 17.0.5, 17.1 anterior a 17.1.3 y 17.2 anterior a 17.2.1 permite a usuarios no autorizados ver la exportación resultante.
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/437894 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/437894 - Broken Link
First Time		Gitlab Gitlab gitlab
CVSS	v2 : ~~unknown~~ v3 : ~~2.6~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:::::community:::*

24 Jul 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-24 23:15

Updated : 2024-11-21 09:50

NVD link : CVE-2024-7060

Mitre link : CVE-2024-7060

CVE.ORG link : CVE-2024-7060

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-7060", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-07-24T23:15:09.817", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437894", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437894", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en GitLab CE/EE en exportaciones de proyectos/grupos que afecta a todas las versiones desde 15.4 anterior a 17.0.5, 17.1 anterior a 17.1.3 y 17.2 anterior a 17.2.1 permite a usuarios no autorizados ver la exportaci\u00f3n resultante."}], "lastModified": "2024-11-21T09:50:48.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "7B522ADA-8F6C-4824-8FE9-502D1DB8073A", "versionEndExcluding": "17.0.5", "versionStartIncluding": "15.4"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "D429C82D-08BB-4729-B81E-9694960DA273", "versionEndExcluding": "17.0.5", "versionStartIncluding": "15.4"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "2AAB2105-E23B-4B5B-B1FB-63E2B406C15D", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.1"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "08FB7225-89F0-46D7-81AB-003D5D3BE137", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.1"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "BDEB6BD0-A0F9-4ECD-8BB1-DAD86FDB23DE", "versionEndExcluding": "17.2.1", "versionStartIncluding": "17.2"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "579D177F-35DB-4988-82DD-0A5AA1AEDBA1", "versionEndExcluding": "17.2.1", "versionStartIncluding": "17.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}