CVE-2024-5435

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-5435

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5435.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-5435

Aliases

BIT-gitlab-2024-5435

Downstream

UBUNTU-CVE-2024-5435

Published

2024-09-12T17:15:05Z

Modified

2025-02-18T19:52:41Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

defe6e7f8821c58e67a2e909ef8d36463d76e7e8

Fixed

84cf95d60d2691201b17bb4d41a95987ded847fb