CVE-2024-10240
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Nov 26, 2024
Updated: Dec 13, 2024
CWE ID 497
Summary
CVE-2024-10240 is a vulnerability affecting GitLab Enterprise Edition (EE). Versions 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2 are all impacted. An unauthenticated user can potentially access some information about a Merge Request (MR) in a private project under specific conditions. This issue may pose a risk to sensitive data within these versions of GitLab EE. System administrators are strongly encouraged to update their GitLab installations to the latest available versions to mitigate this vulnerability.
Affected Products
- GitLab
Affected Vendors
- GitLab Inc.