Lucene search

Ubuntu.comUB:CVE-2024-2191

HistoryJun 27, 2024 - 12:00 a.m.

CVE-2024-2191

2024-06-2700:00:00

ubuntu.com

gitlab ce/ee

info leak

visibility

merge request

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON

An issue was discovered in GitLab CE/EE affecting all versions starting
from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and
starting from 17.1 prior to 17.1.1, which allows merge request title to be
visible publicly despite being set as project members only.

Notes

Author	Note
	Priority reason: Minimal info leak

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

gitlab.com/gitlab-org/gitlab/-/issues/444655

hackerone.com/reports/2357370

launchpad.net/bugs/cve/CVE-2024-2191

nvd.nist.gov/vuln/detail/CVE-2024-2191

security-tracker.debian.org/tracker/CVE-2024-2191

www.cve.org/CVERecord?id=CVE-2024-2191

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for UB:CVE-2024-2191