Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-4278

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.

Published

2024-09-26T07:15:02.603

Last Modified

2024-10-08T19:51:38.403

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-821
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	< 17.2.8	Yes
Application	gitlab	gitlab	< 17.3.4	Yes
Application	gitlab	gitlab	17.4.0	Yes

References

https://gitlab.com/gitlab-org/gitlab/-/issues/458484 Broken Link ([email protected])
https://hackerone.com/reports/2466205 Permissions Required ([email protected])