CVE-2024-5067: Sensitive Information Exposure in GitLab

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.1% (top 69.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published 2024-07-24; Latest update May 21

Description

An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in the DOM to group members with Developer or higher roles.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (5 packages)

NVD: gitlab/gitlab, 16.11 up to (excluding) 17.0.5, plus 2 further ranges (17.1 before 17.1.3 and 17.2 before 17.2.1, per the description)
debian: debian/gitlab
gitlab: gitlab/gitlab
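The three affected ranges above are half-open on each release line (introduced version included, fixed version excluded), and they are easy to misread by hand, since 17.0.0 through 17.0.4 sit inside the range that starts at 16.11. The checker below is an added example written for this page, not code from GitLab, NVD or Debian: it encodes the ranges from the description, parses the version strings GitLab reports, and decides whether an instance is affected. It assumes the instance's GET /api/v4/version endpoint returns a JSON body whose "version" field looks like "17.0.4-ee"; the sample response in the usage section is constructed, not captured from a real instance. Only GitLab EE is named in the advisory, so an explicit "-ce" suffix is reported as not affected, and a string with no edition suffix is assumed to be EE.

```python
import json
import re

# Affected ranges as stated in the advisory text, one per release line,
# expressed as [introduced, fixed) in (major, minor, patch) form.
AFFECTED_RANGES = [
    ((16, 11, 0), (17, 0, 5)),  # 16.11.x and 17.0.0 to 17.0.4; fixed in 17.0.5
    ((17, 1, 0), (17, 1, 3)),   # 17.1.0 to 17.1.2; fixed in 17.1.3
    ((17, 2, 0), (17, 2, 1)),   # 17.2.0; fixed in 17.2.1
]

# Accepts '17.0.4-ee', 'v17.1', '17.2.0'; an optional edition suffix is captured.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-.+]?(ee|ce))?", re.IGNORECASE)


def parse_version(s):
    """Return ((major, minor, patch), edition) for a GitLab version string.
    Edition is 'ee', 'ce' or None when the string does not say; a missing
    patch level is taken as 0 so 'v17.1' compares as 17.1.0."""
    m = VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {s!r}")
    major, minor, patch, edition = m.groups()
    return (int(major), int(minor), int(patch or 0)), (edition.lower() if edition else None)


def is_affected(version_string):
    """True if the version falls inside one of the advisory's affected ranges.
    The advisory names GitLab EE only, so an explicit CE suffix is treated as
    not affected; an unsuffixed string is assumed (conservatively) to be EE."""
    version, edition = parse_version(version_string)
    if edition == "ce":
        return False
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def check_api_version_response(body):
    """Evaluate the JSON body returned by GET /api/v4/version (assumed shape:
    {"version": "17.0.4-ee", "revision": "..."})."""
    return is_affected(json.loads(body)["version"])


if __name__ == "__main__":
    # Constructed sample response; not captured from a real instance.
    sample = '{"version": "17.0.4-ee", "revision": "deadbeef"}'
    print(sample, "->", "AFFECTED" if check_api_version_response(sample) else "not affected")
    # Boundary walk across all three release lines.
    for v in ("16.10.9-ee", "16.11.0-ee", "17.0.4-ee", "17.0.5-ee", "17.1.2-ee",
              "17.1.3-ee", "17.2.0-ee", "17.2.1-ee", "17.3.0-ee", "17.0.4-ce"):
        print(f"{v:>10}: {'affected' if is_affected(v) else 'not affected'}")
```

Reading the version from the API requires an authenticated token on most instances; the same string is also printed by `gitlab-rake gitlab:env:info` on the host, and either source can be fed to `is_affected` directly.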

Vulnerability Details (1)

GHSA-q2f3-hg8j-4wcc (2024-07-25): An issue was discovered in GitLab EE affecting all versions starting from 16...

Vendor Advisories
GitLab (2024-07-24): CVE-2024-5067: An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from ...
Debian (2024): CVE-2024-5067: gitlab - An issue was discovered in GitLab EE affecting all versions starting from 16.11 ...
