CVE-2024-10240

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-10240

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10240.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-10240

Aliases

BIT-gitlab-2024-10240

Related

UBUNTU-CVE-2024-10240

Published

2024-11-26T20:15:24Z

Modified

2025-01-08T15:47:04.961672Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

5aad128b1defa01641e69fdcd5a2ec16bd1d4c2c

Fixed

d8f6f1674158117b616f0e80f619625a9e9c79f8

Affected versions

v17.*

v17.3.0-ee

v17.3.1-ee

v17.3.2-ee

v17.3.3-ee

v17.3.4-ee

v17.3.4-rc50-ee

v17.3.5-ee

v17.3.6-ee