CVE-2024-7057

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/458501	Broken Link
https://hackerone.com/reports/2475135	Permissions Required
https://gitlab.com/gitlab-org/gitlab/-/issues/458501	Broken Link
https://hackerone.com/reports/2475135	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

No history.

Information

Published : 2024-07-25 01:15

Updated : 2024-11-21 09:50

NVD link : CVE-2024-7057

Mitre link : CVE-2024-7057

CVE.ORG link : CVE-2024-7057

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

{"id": "CVE-2024-7057", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-07-25T01:15:10.040", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458501", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2475135", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458501", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/2475135", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en GitLab CE/EE que afecta a todas las versiones desde la 16.7 anterior a la 17.0.5, desde la 17.1 anterior a la 17.1.3 y desde la 17.2 anterior a la 17.2.1, donde los artefactos del trabajo pueden exponerse de manera inapropiada a usuarios que carecen de la nivel de autorizaci\u00f3n adecuado."}], "lastModified": "2024-11-21T09:50:48.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "7D2AF178-30AD-4287-A7BE-881FBF897438", "versionEndExcluding": "17.0.5", "versionStartIncluding": "16.7"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B7B134A8-6F60-4450-A98C-857ED5AD5BFF", "versionEndExcluding": "17.0.5", "versionStartIncluding": "16.7"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "2AAB2105-E23B-4B5B-B1FB-63E2B406C15D", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.1"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "08FB7225-89F0-46D7-81AB-003D5D3BE137", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.1"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "BDEB6BD0-A0F9-4ECD-8BB1-DAD86FDB23DE", "versionEndExcluding": "17.2.1", "versionStartIncluding": "17.2"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "579D177F-35DB-4988-82DD-0A5AA1AEDBA1", "versionEndExcluding": "17.2.1", "versionStartIncluding": "17.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}