CVE-2024-8116

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 16, 2024

CWE ID 863

Summary

CVE-2024-8116 is a vulnerability affecting GitLab CE and EE versions prior to 17.4.6, 17.5.4, and 17.6.2. Under specific conditions, an unauthorized user can execute a GraphQL query to gain access to branch names, potentially compromising protected information. This issue poses a serious risk to the confidentiality of project data in GitLab environments. Users are advised to upgrade to the latest version as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GitLab

Affected Vendors

GitLab Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/yAgkLO
https://www.cve.org/CVERecord?id=CVE-2024-8116
https://nvd.nist.gov/vuln/detail/CVE-2024-8116

Back to Vulnerability Database