CVE-2024-8974

LOW

Gitlab < 17.2.8 - Incorrect Authorization

Title source: rule

Description

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."

References (1)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/482843

Scores

CVSS v3 2.6

EPSS 0.0006

EPSS Percentile 19.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-684 CWE-863

Status published

Affected Products (4)

gitlab/gitlab < 17.2.8

gitlab/gitlab

Timeline

Published Sep 26, 2024

Tracked Since Feb 18, 2026