CVE-2024-7060

CVSS 3.1 Score 2.6 of 10 (low)

Details

Published Jul 24, 2024

Updated: Jul 25, 2024

CWE ID 200

Summary

CVE-2024-7060 is an information disclosure vulnerability affecting various versions of GitLab CE/EE. Prior to the releases of 17.0.5, 17.1.3, and 17.2.1, unauthorized users could exploit this issue during project/group exports. As a result, sensitive information could be exposed and viewed by unintended recipients. This vulnerability poses a significant risk to data confidentiality. Users are strongly urged to update their GitLab installations to mitigate this exposure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GitLab

Affected Vendors

GitLab Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xMs0ws
https://www.cve.org/CVERecord?id=CVE-2024-7060
https://nvd.nist.gov/vuln/detail/CVE-2024-7060

Back to Vulnerability Database