Vulnerability Description
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 16.11, < 17.0.5 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/gitlab/-/issues/458504Broken Link
- https://gitlab.com/gitlab-org/gitlab/-/issues/462427ExploitIssue TrackingVendor Advisory
- https://hackerone.com/reports/2462303Permissions Required
- https://hackerone.com/reports/2502047Permissions Required
- https://gitlab.com/gitlab-org/gitlab/-/issues/458504Broken Link
- https://gitlab.com/gitlab-org/gitlab/-/issues/462427ExploitIssue TrackingVendor Advisory
- https://hackerone.com/reports/2462303Permissions Required
- https://hackerone.com/reports/2502047Permissions Required
FAQ
What is CVE-2024-5067?
CVE-2024-5067 is a vulnerability with a CVSS score of 4.4 (MEDIUM). An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level ...
How severe is CVE-2024-5067?
CVE-2024-5067 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5067?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.