Vulnerability Details CVE-2024-5067
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.8%
CVSS Severity
CVSS v3 Score 4.4
References
- https://gitlab.com/gitlab-org/gitlab/-/issues/458504
- https://gitlab.com/gitlab-org/gitlab/-/issues/462427
- https://hackerone.com/reports/2462303
- https://hackerone.com/reports/2502047
- https://gitlab.com/gitlab-org/gitlab/-/issues/458504
- https://gitlab.com/gitlab-org/gitlab/-/issues/462427
- https://hackerone.com/reports/2462303
- https://hackerone.com/reports/2502047
Products affected by CVE-2024-5067
-
cpe:2.3:a:gitlab:gitlab:16.11.0
-
cpe:2.3:a:gitlab:gitlab:16.11.1
-
cpe:2.3:a:gitlab:gitlab:16.11.10
-
cpe:2.3:a:gitlab:gitlab:16.11.2
-
cpe:2.3:a:gitlab:gitlab:16.11.3
-
cpe:2.3:a:gitlab:gitlab:16.11.4
-
cpe:2.3:a:gitlab:gitlab:16.11.5
-
cpe:2.3:a:gitlab:gitlab:16.11.6
-
cpe:2.3:a:gitlab:gitlab:16.11.7
-
cpe:2.3:a:gitlab:gitlab:16.11.8
-
cpe:2.3:a:gitlab:gitlab:16.11.9
-
cpe:2.3:a:gitlab:gitlab:17.0.0
-
cpe:2.3:a:gitlab:gitlab:17.0.1
-
cpe:2.3:a:gitlab:gitlab:17.0.2
-
cpe:2.3:a:gitlab:gitlab:17.0.3
-
cpe:2.3:a:gitlab:gitlab:17.0.4
-
cpe:2.3:a:gitlab:gitlab:17.1.0
-
cpe:2.3:a:gitlab:gitlab:17.1.1
-
cpe:2.3:a:gitlab:gitlab:17.1.2
-
cpe:2.3:a:gitlab:gitlab:17.2.0