CVE-2024-5435

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 09:47

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 4.5
References
  • () https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/ -

14 Sep 2024, 15:05

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-12 17:15

Updated : 2024-11-21 09:47


NVD link : CVE-2024-5435

Mitre link : CVE-2024-5435

CVE.ORG link : CVE-2024-5435


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-209

Generation of Error Message Containing Sensitive Information