Vulnerabilities > CVE-2024-10240 - Unspecified vulnerability in Gitlab

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

gitlab

NVD

Published: 2024-11-26

Updated: 2024-12-13

Summary

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.

Vulnerable Configurations

Part	Description	Count
Application	Gitlab Gitlab Gitlab 17.5.0 Gitlab Gitlab 17.5.1 Gitlab Gitlab 17.4.0 Gitlab Gitlab 17.4.1 Gitlab Gitlab 17.4.2 Gitlab Gitlab 17.4.3 Gitlab Gitlab 17.3.0 Gitlab Gitlab 17.3.1 Gitlab Gitlab 17.3.2 Gitlab Gitlab 17.3.3 Gitlab Gitlab 17.3.4 Gitlab Gitlab 17.3.5 Gitlab Gitlab 17.3.6	26

References

https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint
https://gitlab.com/gitlab-org/gitlab/-/issues/493188