

Urgent Threat Alert: Increased Vigilance Needed for Possible Cyberattacks on Pakistan’s Independence Day
August 14, 2024
Multiple IBM Products Vulnerabilities
August 14, 2024
Severity
Medium
Analysis Summary
CVE-2024-7610 CVSS:4.3
GitLab is vulnerable to a denial of service, caused by an error while parsing results from Elasticsearch. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-7554 CVSS:4.9
GitLab could allow a remote authenticated attacker to obtain sensitive information. By sending a specially crafted API request, an attacker could exploit this vulnerability to log access tokens.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-7610
- CVE-2024-7554
Affected Vendors
Affected Products
- GitLab GitLab - 15.9
- GitLab GitLab - 13.9
Remediation
Upgrade to the latest version of GitLab, available from the GitLab Website.