CVE-2024-5005 MEDIUM

CVE-2024-5005: Incorrect Provision of Specified Functionality in GitLab

Vendor Gitlab
Product GitLab
Weakness CWE-684
Published October 11, 2024
Last update October 11, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API.

Key dates

02Disclosure timeline

October 11, 2024 CVE published
October 11, 2024 Record updated