CVE-2024-5435

Sept. 14, 2024, 3:05 p.m.

6.5
Medium

Description

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration.

Product(s) Impacted

Vendor Product Versions
Gitlab
  • Gitlab
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-209
Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a gitlab gitlab / / / / community / / /
a gitlab gitlab / / / / enterprise / / /
a gitlab gitlab / / / / community / / /
a gitlab gitlab / / / / enterprise / / /
a gitlab gitlab / / / / community / / /
a gitlab gitlab / / / / enterprise / / /

References

https://gitlab.com/gitlab-org/gitlab/-/issues/464044
https://hackerone.com/reports/2520722

Tags

CWE-209
cve@gitlab.com
2024-09-12
CVE-2024-5435

CVSS Score

6.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    View Vector String

Timeline

Published: Sept. 12, 2024, 5:15 p.m.
Last Modified: Sept. 14, 2024, 3:05 p.m.

Status : Analyzed

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@gitlab.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.