CVE-2024-9596

An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

16 Oct 2024, 17:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.7
v2 : unknown
v3 : 5.3
CWE NVD-CWE-noinfo
First Time Gitlab
Gitlab gitlab
References () https://gitlab.com/gitlab-org/gitlab/-/issues/493355 - () https://gitlab.com/gitlab-org/gitlab/-/issues/493355 - Broken Link
Summary
  • (es) Se ha descubierto un problema en GitLab EE que afecta a todas las versiones desde la 16.6 hasta la 17.2.9, desde la 17.3 hasta la 17.3.5 y desde la 17.4 hasta la 17.4.2. Un atacante no autenticado podía determinar el número de versión de GitLab para una instancia de GitLab.
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

10 Oct 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-10 10:15

Updated : 2024-10-16 17:00


NVD link : CVE-2024-9596

Mitre link : CVE-2024-9596

CVE.ORG link : CVE-2024-9596


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-noinfo CWE-540

Inclusion of Sensitive Information in Source Code