CVE-2024-5318

CVSS 3.1 Score 4.0 of 10 (medium)

Details

Published May 24, 2024

CWE ID 284

Summary

CVE-2024-5318 is a vulnerability affecting GitLab CE/EE versions 11.11 to 16.10.6, 16.11 to 16.11.3, and 17.0 to 17.0.1. This issue allows Guest users to access dependency lists of private projects, despite having no authorized access to the projects themselves. This vulnerability poses a risk to data confidentiality, as sensitive dependency information could be exposed. Organizations using the affected GitLab versions are urged to upgrade to the latest patch releases to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wF9oa-
https://www.cve.org/CVERecord?id=CVE-2024-5318
https://nvd.nist.gov/vuln/detail/CVE-2024-5318

Back to Vulnerability Database

CVE-2024-5318

CVSS 3.1 Score 4.0 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations