CVE-2024-8974
Published 2024-09-26
CVE-2024-8974: Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions…
Priority P420 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.27% (18.4th percentile)
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. In specific conditions it was possible to disclose to an unauthorised user the path of a private project.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 17.3.5-3 (sid) | gitlab 17.3.5-3 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.6 < 17.2.8 | 17.2.8 |
| gitlab | gitlab | >= 15.6.0 < 17.2.8 | 17.2.8 |
| gitlab | gitlab | >= 17.3 < 17.3.4 | 17.3.4 |
| gitlab | gitlab | >= 17.3.0 < 17.3.4 | 17.3.4 |
| gitlab | gitlab | >= 17.4 < 17.4.1 | 17.4.1 |
| gitlab | gitlab_ee | — | — |
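CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 2.6 | LOW | — |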
GHSA
GHSA-vg85-gmcc-wrqw: Information disclosure in Gitlab EE/CE affecting all versions from 15
ghsa_unreviewed·2024-09-27
CVE-2024-8974 [LOW] CWE-684 GHSA-vg85-gmcc-wrqw: Information disclosure in Gitlab EE/CE affecting all versions from 15
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. In specific conditions it was possible to disclose to an unauthorised user the path of a private project.
OSV
CVE-2024-8974: Information disclosure in Gitlab EE/CE affecting all versions from 15
osv·2024-09-26·CVSS 4.3
CVE-2024-8974 [MEDIUM] CVE-2024-8974: Information disclosure in Gitlab EE/CE affecting all versions from 15
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. In specific conditions it was possible to disclose to an unauthorised user the path of a private project.
GitLab
CVE-2024-8974: Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific co
vendor_gitlab·2024-09-26·CVSS 2.6
CVE-2024-8974 [LOW] CWE-684 CVE-2024-8974: Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific co
CVE-2024-8974: Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. In specific conditions it was possible to disclose to an unauthorised user the path of a private project.
Debian
CVE-2024-8974: gitlab - Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to...
vendor_debian·2024·CVSS 2.6
CVE-2024-8974 [LOW] CVE-2024-8974: gitlab - Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to...
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. In specific conditions it was possible to disclose to an unauthorised user the path of a private project.
Scope: local
sid: resolved (fixed in 17.3.5-3)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-26
Published