CVE-2024-6389

Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

Description

An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.

INFO

Published Date :

2024-09-12T16:56:48.267Z

Last Modified :

2024-09-13T14:17:35.852Z

Source :

GitLab

AFFECTED PRODUCTS

The following products are affected by CVE-2024-6389 vulnerability.

Vendors	Products
Gitlab	Gitlab

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6389.

URL	Resource
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/469367
https://hackerone.com/reports/2573397

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact