CVE-2024-6685

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6685

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6685.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6685

Aliases

BIT-gitlab-2024-6685

Related

UBUNTU-CVE-2024-6685

Published

2024-09-16T22:15:20Z

Modified

2024-10-07T23:30:58Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

9e7d34f7ff11405ece06ec398b66965d153cee6f

Fixed

84cf95d60d2691201b17bb4d41a95987ded847fb