CVE-2024-7057

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/458501	Broken Link
https://hackerone.com/reports/2475135	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

05 Sep 2024, 17:33

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/458501 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/458501 - Broken Link
References	~~() https://hackerone.com/reports/2475135 -~~	() https://hackerone.com/reports/2475135 - Permissions Required
First Time		Gitlab gitlab Gitlab
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:::::community:::*
Summary		(es) Una vulnerabilidad de divulgación de información en GitLab CE/EE que afecta a todas las versiones desde la 16.7 anterior a la 17.0.5, desde la 17.1 anterior a la 17.1.3 y desde la 17.2 anterior a la 17.2.1, donde los artefactos del trabajo pueden exponerse de manera inapropiada a usuarios que carecen de la nivel de autorización adecuado.

25 Jul 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-25 01:15

Updated : 2024-09-05 17:33

NVD link : CVE-2024-7057

Mitre link : CVE-2024-7057

CVE.ORG link : CVE-2024-7057

JSON object : View

Products Affected

gitlab

gitlab

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2024-7057", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-07-25T01:15:10.040", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458501", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2475135", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en GitLab CE/EE que afecta a todas las versiones desde la 16.7 anterior a la 17.0.5, desde la 17.1 anterior a la 17.1.3 y desde la 17.2 anterior a la 17.2.1, donde los artefactos del trabajo pueden exponerse de manera inapropiada a usuarios que carecen de la nivel de autorizaci\u00f3n adecuado."}], "lastModified": "2024-09-05T17:33:21.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "7D2AF178-30AD-4287-A7BE-881FBF897438", "versionEndExcluding": "17.0.5", "versionStartIncluding": "16.7"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B7B134A8-6F60-4450-A98C-857ED5AD5BFF", "versionEndExcluding": "17.0.5", "versionStartIncluding": "16.7"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "2AAB2105-E23B-4B5B-B1FB-63E2B406C15D", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.1"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "08FB7225-89F0-46D7-81AB-003D5D3BE137", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.1"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "BDEB6BD0-A0F9-4ECD-8BB1-DAD86FDB23DE", "versionEndExcluding": "17.2.1", "versionStartIncluding": "17.2"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "579D177F-35DB-4988-82DD-0A5AA1AEDBA1", "versionEndExcluding": "17.2.1", "versionStartIncluding": "17.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}