CVE-2024-7060
Published 2024-07-24
Priority: P4 · 34 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.29% (20.3th percentile)
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 17.3.5-2 (sid) | gitlab 17.3.5-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.4 < 17.0.5 | 17.0.5 |
| gitlab | gitlab | >= 17.1 < 17.1.3 | 17.1.3 |
| gitlab | gitlab | >= 17.2 < 17.2.1 | 17.2.1 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_debian · 2.6 LOW
GitLab
vendor_gitlab · 2024-07-24 · CVSS 2.6
CVE-2024-7060 [LOW] CWE-200
Debian
vendor_debian · 2024 · CVSS 2.6
CVE-2024-7060 [LOW] gitlab
Scope: local
sid: resolved (fixed in 17.3.5-2)
GHSA
ghsa_unreviewed · 2024-07-25
CVE-2024-7060 [LOW] CWE-200 GHSA-pqgh-rchr-9hg3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.