Multiple GitLab Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-7610 CVSS:4.3

GitLab is vulnerable to a denial of service, caused by an error while parsing results from Elasticsearch. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-7554 CVSS:4.9

GitLab could allow a remote authenticated attacker to obtain sensitive information. By sending a specially crafted API request, an attacker could exploit this vulnerability to log access tokens.

Impact

Denial of Service
Information Disclosure

Indicators of Compromise

CVE

CVE-2024-7610
CVE-2024-7554

Affected Vendors

GitLab

Affected Products

GitLab GitLab - 15.9
GitLab GitLab - 13.9

Remediation

Upgrade to the latest version of GitLab, available from the GitLab Website.

CVE-2024-7610

CVE-2024-7554

Urgent Threat Alert: Increased Vigilance Needed for Possible Cyberattacks on Pakistan’s Independence Day

Multiple IBM Products Vulnerabilities

Multiple GitLab Products Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan