Home > Vulnerability Database > CVE-2024-8974

Mend.io Vulnerability Database

CVE-2024-8974

Date: September 26, 2024

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."

Language: Ruby

Severity Score

2.6

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8974

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/482843

Url: https://www.mend.io/vulnerability-database/CVE-2024-8974

Severity Score

2.6

Weakness Type (CWE)

Incorrect Provision of Specified Functionality

CWE-684

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	2.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8974

Date: September 26, 2024

Language: Ruby

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?