CVE Vulnerabilities

CVE-2024-2191

Published: Jun 27, 2024 | Modified: Jun 28, 2024
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 16.9.0 (including) 16.11.5 (excluding)
Gitlab Gitlab 17.0.0 (including) 17.0.3 (excluding)
Gitlab Gitlab 17.1.0 (including) 17.1.0 (including)
Gitlab Ubuntu esm-apps/xenial *

References