CVE-2024-6685

LOW

GitLab CE/EE <17.1.7-17.3.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.

References (2)

Core 2
Core References
Broken Link issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/472012
Permissions Required technical-description exploit permissions-required
https://hackerone.com/reports/2584372

Scores

CVSS v3 3.1
EPSS 0.0004
EPSS Percentile 12.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (1)
gitlab/gitlab 16.7.0 - 17.1.7 (2 CPE variants)
Published Sep 16, 2024
Tracked Since Feb 18, 2026