CVE-2024-7060

Published Jul 24, 2024

Last updated 2 months ago

CVSS medium 6.5

Overview

Description: An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.
Source: cve@gitlab.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
cve@gitlab.com: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B522ADA-8F6C-4824-8FE9-502D1DB8073A",
            "versionEndExcluding": "17.0.5",
            "versionStartIncluding": "15.4"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D429C82D-08BB-4729-B81E-9694960DA273",
            "versionEndExcluding": "17.0.5",
            "versionStartIncluding": "15.4"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AAB2105-E23B-4B5B-B1FB-63E2B406C15D",
            "versionEndExcluding": "17.1.3",
            "versionStartIncluding": "17.1"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08FB7225-89F0-46D7-81AB-003D5D3BE137",
            "versionEndExcluding": "17.1.3",
            "versionStartIncluding": "17.1"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDEB6BD0-A0F9-4ECD-8BB1-DAD86FDB23DE",
            "versionEndExcluding": "17.2.1",
            "versionStartIncluding": "17.2"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "579D177F-35DB-4988-82DD-0A5AA1AEDBA1",
            "versionEndExcluding": "17.2.1",
            "versionStartIncluding": "17.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References