Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-2191

HistoryJun 27, 2024 - 12:15 a.m.

CVE-2024-2191

2024-06-2700:15:10

Debian Security Bug Tracker

security-tracker.debian.org

gitlab

ce/ee

merge request

visibility

security issue

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

17.1%

JSON

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only.

OSVersionArchitecturePackageVersionFilename
Debian999allgitlab<= 16.8.4-1gitlab_16.8.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	gitlab	<= 16.8.4-1	gitlab_16.8.4-1_all.deb

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

17.1%

JSON

Related for DEBIANCVE:CVE-2024-2191