CVE-2024-4278
MEDIUMDescription
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
References
Frequently Asked Questions
What is CVE-2024-4278? +
How severe is CVE-2024-4278? +
What products are affected by CVE-2024-4278? +
How do I check if I'm vulnerable to CVE-2024-4278? +
Related Vulnerabilities
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the …
lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. …
A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices …
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. …
In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent …
FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a …