Lucene search
HistoryJul 17, 2024 - 2:15 a.m.
CVE-2024-6595
gitlab
security
npm
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
17.4%
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.
Affected configurations
Node
gitlabgitlabRange11.8.0–16.11.6community
ORgitlabgitlabRange11.8.0–16.11.6enterprise
ORgitlabgitlabRange17.0.0–17.0.4community
ORgitlabgitlabRange17.0.0–17.0.4enterprise
ORgitlabgitlabRange17.1.0–17.1.2community
ORgitlabgitlabRange17.1.0–17.1.2enterprise
Related
ubuntucve
ubuntucve
CVE-2024-6595
2024-07-17 00:00:00
osv
osv
BIT-gitlab-2024-6595
2024-07-19 07:19:00
CVE-2024-6595
2024-07-17 02:15:10
nessus
nessus
GitLab 11.8 < 16.11.6 / 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-6595)
2024-07-17 00:00:00
FreeBSD : Gitlab -- vulnerabilities (acb4eab6-3f6d-11ef-8657-001b217b3468)
2024-07-11 00:00:00
cvelist
cvelist
CVE-2024-6595 Uncontrolled Search Path Element in GitLab
2024-07-17 01:30:43
cve
cve
CVE-2024-6595
2024-07-17 02:15:10
debiancve
debiancve
CVE-2024-6595
2024-07-17 02:15:10
vulnrichment
vulnrichment
CVE-2024-6595 Uncontrolled Search Path Element in GitLab
2024-07-17 01:30:43
freebsd
freebsd
Gitlab -- vulnerabilities
2024-07-10 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
17.4%
Related for NVD:CVE-2024-6595