CVE-2024-9596
CVSS 3.1 Score 3.7 of 10 (low)
Details
Summary
CVE-2024-9596 is a vulnerability in GitLab EE versions 16.6 to 17.2.9, 17.3 to 17.3.5, and 17.4 to 17.4.2 that allows an unauthenticated attacker to determine the version number of a given GitLab instance. It is rated low severity, with a CVSS base score of 3.7, and is categorized as information exposure through source code (CWE-540). To remediate the issue, upgrade GitLab to a release later than the affected versions listed above. The risk is that an attacker who knows the version number can use it to launch further targeted attacks against vulnerable systems. No privileges or user interaction are required for exploitation, indicating that it could be performed remotely with minimal effort on the attacker's part.