CVE-2024-7060

Exposure of Sensitive Information to an Unauthorized Actor in GitLab

Description

An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.

INFO

Published Date :

2024-07-24T22:07:50.018Z

Last Modified :

2024-09-17T16:58:29.528Z

Source :

GitLab

AFFECTED PRODUCTS

The following products are affected by CVE-2024-7060 vulnerability.

Vendors	Products
Gitlab	Gitlab

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7060.

URL	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/437894

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact