CVE-2024-6329

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

23 Aug 2024, 17:01

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/gitlab/-/issues/468937 - () https://gitlab.com/gitlab-org/gitlab/-/issues/468937 - Broken Link
References () https://hackerone.com/reports/2542483 - () https://hackerone.com/reports/2542483 - Permissions Required
First Time Gitlab gitlab
Gitlab
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
CVSS v2 : unknown
v3 : 5.7
v2 : unknown
v3 : 7.5

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 8.16 anterior a 17.0.6, desde 17.1 anterior a 17.1.4 y desde 17.2 anterior a 17.2.2, lo que provoca que la interfaz web no pueda representar el diff correctamente cuando la ruta está codificada.

08 Aug 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 10:15

Updated : 2024-08-23 17:01


NVD link : CVE-2024-6329

Mitre link : CVE-2024-6329

CVE.ORG link : CVE-2024-6329


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-116

Improper Encoding or Escaping of Output