CVE-2024-4278

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.4.0:*:*:*:enterprise:*:*:*

History

08 Oct 2024, 19:51

Type Values Removed Values Added
CWE CWE-662 NVD-CWE-Other

26 Sep 2024, 16:55

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 07:15

Updated : 2024-10-08 19:51


NVD link : CVE-2024-4278

Mitre link : CVE-2024-4278

CVE.ORG link : CVE-2024-4278


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-Other CWE-821

Incorrect Synchronization