Severity
Medium
Analysis Summary
CVE-2024-7091 CVSS:4.1
GitLab could allow a remote authenticated attacker to obtain sensitive information. An attacker could exploit this vulnerability to disclose limited information of an exported group or project to another user.
CVE-2024-7057 CVSS:4.3
GitLab Community and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain job artifacts information, and use this information to launch further attacks against the affected system.
CVE-2024-5067 CVSS:4.4
GitLab Community and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain project-level analytics settings information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-7091
- CVE-2024-7057
- CVE-2024-5067
Affected Vendors
Affected Products
- GitLab Community Edition 17.0.0
- GitLab Enterprise Edition 17.0.0
- GitLab Enterprise Edition 17.1.0
- GitLab Community Edition 17.1.0
- GitLab Community Edition 17.2.0
- GitLab Enterprise Edition 17.2.0
- GitLab 15.6
- GitLab 17.1
- GitLab 17.2
Remediation
Upgrade to the latest version of GitLab, available from the GitLab Website.