First published: Thu Sep 12 2024(Updated: )
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=17.0.0<17.1.7 | |
GitLab GitLab | >=17.0.0<17.1.7 | |
GitLab GitLab | >=17.2.0<17.2.5 | |
GitLab GitLab | >=17.2.0<17.2.5 | |
GitLab GitLab | >=17.3.0<17.3.2 | |
GitLab GitLab | >=17.3.0<17.3.2 |
Upgrade to versions 17.1.7, 17.2.5, 17.3.2 or above.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.