CVE-2024-7057

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7057

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7057.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7057

Aliases

BIT-gitlab-2024-7057

Published

2024-07-25T01:15:10Z

Modified

2024-09-05T20:22:03Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/458501
https://hackerone.com/reports/2475135

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

9e7d34f7ff11405ece06ec398b66965d153cee6f

Fixed

9c031204479bc7a5d833157334767231e928d553