CVE-2024-5318

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5318
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.

4.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/427526
https://hackerone.com/reports/2189464
Configurations

No configuration.

History

No history.

Information

Published : 2024-05-24 13:15

Updated : 2024-05-24 18:09

NVD link : CVE-2024-5318

Mitre link : CVE-2024-5318

CVE.ORG link : CVE-2024-5318

JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control