CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2024-5067 – Exposure of Sensitive Information to an Unauthorized Actor in GitLab
https://notcve.org/view.php?id=CVE-2024-5067
24 Jul 2024 — An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles. • https://gitlab.com/gitlab-org/gitlab/-/issues/458504 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7060 – Exposure of Sensitive Information to an Unauthorized Actor in GitLab
https://notcve.org/view.php?id=CVE-2024-7060
24 Jul 2024 — An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export. • https://gitlab.com/gitlab-org/gitlab/-/issues/437894 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7091 – Exposure of Sensitive Information to an Unauthorized Actor in GitLab
https://notcve.org/view.php?id=CVE-2024-7091
24 Jul 2024 — An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user. • https://gitlab.com/gitlab-org/gitlab/-/issues/408469 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •