Lucene search

Ubuntu.comUB:CVE-2024-5318

HistoryMay 24, 2024 - 12:00 a.m.

CVE-2024-5318

2024-05-2400:00:00

ubuntu.com

cve-2024-5318

gitlab

guest user

private projects

dependency lists

job artifacts

unix

4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions
starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3,
and starting from 17.0 prior to 17.0.1. A Guest user can view dependency
lists of private projects through job artifacts.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

gitlab.com/gitlab-org/gitlab/-/issues/427526

hackerone.com/reports/2189464

launchpad.net/bugs/cve/CVE-2024-5318

nvd.nist.gov/vuln/detail/CVE-2024-5318

security-tracker.debian.org/tracker/CVE-2024-5318

www.cve.org/CVERecord?id=CVE-2024-5318

4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for UB:CVE-2024-5318