
Multiple GitLab Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-4278 CVSS:5.5

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.

CVE-2024-4099 CVSS:3.1

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection.
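As an added example (not code from Rewterz or GitLab), the following Python check maps a GitLab version string onto the affected ranges stated above, so an administrator can tell which of the two CVEs apply to an instance before upgrading. The "-ee"/"-ce" suffix handling and the constructed inventory are assumptions for illustration.

```python
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory, as [first_affected, first_fixed) pairs.
AFFECTED_RANGES: Dict[str, List[Tuple[str, str]]] = {
    "CVE-2024-4278": [("16.5", "17.2.8"), ("17.3", "17.3.4"), ("17.4", "17.4.1")],
    "CVE-2024-4099": [("16.0", "17.2.8"), ("17.3", "17.3.4"), ("17.4", "17.4.1")],
}


def parse_version(raw: str) -> Version:
    """Turn '17.2.7-ee' or '17.3' into a comparable (major, minor, patch) tuple."""
    core = raw.strip().split("-")[0]          # drop edition suffixes such as -ee / -ce (assumed format)
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:                     # '17.3' means 17.3.0, the first release of the branch
        parts.append(0)
    return parts[0], parts[1], parts[2]


def affected_cves(raw_version: str) -> List[str]:
    """Return the CVE ids from the advisory whose ranges contain this version."""
    v = parse_version(raw_version)
    hits = []
    for cve, ranges in AFFECTED_RANGES.items():
        for first_affected, first_fixed in ranges:
            # Half-open interval: 'from X prior to Y' means X <= v < Y.
            if parse_version(first_affected) <= v < parse_version(first_fixed):
                hits.append(cve)
                break
    return hits


def scan_inventory(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each host in a {host: version} inventory to the CVEs it is exposed to."""
    return {host: affected_cves(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"gitlab-a.example": "17.2.7-ee", "gitlab-b.example": "16.3.0-ee",
              "gitlab-c.example": "17.4.1-ee"}
    for host, cves in scan_inventory(sample).items():
        print(f"{host}: {', '.join(cves) if cves else 'not affected'}")
```

Versions at or above the fixed release in each branch (17.2.8, 17.3.4, 17.4.1) report no CVEs; 16.3 is below the 16.5 floor for CVE-2024-4278 but inside the 16.0 floor for CVE-2024-4099.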

Impact

  • Information Disclosure
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-4278
  • CVE-2024-4099

Affected Vendors

GitLab

Affected Products

  • GitLab EE 16.5 and later, prior to 17.2.8 / 17.3.4 / 17.4.1 (CVE-2024-4278)
  • GitLab EE 16.0 and later, prior to 17.2.8 / 17.3.4 / 17.4.1 (CVE-2024-4099)

Remediation

Refer to the GitLab website for patch, upgrade or suggested workaround information.
