CVE-2024-4278
Oct. 8, 2024, 7:51 p.m.
Tags
CVSS Score
Products Impacted
| Vendor | Product | Versions |
|---|---|---|
| gitlab |
|
|
Description
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
Weaknesses
CWE-662
Improper Synchronization
The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
CWE ID: 662CWE-821
Incorrect Synchronization
The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.
CWE ID: 821Date
Published: Sept. 26, 2024, 7:15 a.m.
Last Modified: Oct. 8, 2024, 7:51 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@gitlab.com
CPEs
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | gitlab | gitlab | / | / | / | / | enterprise | / | / | / |
| a | gitlab | gitlab | / | / | / | / | enterprise | / | / | / |
| a | gitlab | gitlab | 17.4.0 | / | / | / | enterprise | / | / | / |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
Exploitability Score
Impact Score
Base Severity
LOWCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N