Lucene search

[email protected]NVD:CVE-2024-5435

HistorySep 12, 2024 - 5:15 p.m.

CVE-2024-5435

2024-09-1217:15:05

CWE-209

[email protected]

web.nvd.nist.gov

gitlab

vulnerability

password disclosure

repository mirror

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.2%

JSON

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration.

Affected configurations

Nvd

Node

gitlabgitlabRange15.10.0–17.1.7community

gitlabgitlabRange15.10.0–17.1.7enterprise

gitlabgitlabRange17.2.0–17.2.5community

gitlabgitlabRange17.2.0–17.2.5enterprise

gitlabgitlabRange17.3.0–17.3.2community

gitlabgitlabRange17.3.0–17.3.2enterprise

VendorProductVersionCPE
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab:::::community:::*
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

References

gitlab.com/gitlab-org/gitlab/-/issues/464044

hackerone.com/reports/2520722

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.2%

JSON

Related for NVD:CVE-2024-5435

cve1 cvelist1 vulnrichment1 osv2 nessus2 debiancve1 freebsd1