CVERadar

CVE-2024-7057

Severity: Medium
Vendor: Gitlab
SVRS: 30/100
CVSSv3: 4.3/10
EPSS: 0.00039/1

CVE-2024-7057 is an information disclosure vulnerability in GitLab CE/EE. The flaw allows unauthorized users to potentially access job artifacts. It affects versions from 16.7 before 17.0.5, from 17.1 before 17.1.3, and from 17.2 before 17.2.1. Although the CVSS score is 4.3, indicating medium severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower immediate risk than critical vulnerabilities with scores above 80. While not immediately critical, organizations running affected GitLab versions should patch to prevent unintended data exposure. This GitLab information disclosure issue highlights the importance of proper authorization controls. Addressing CVE-2024-7057 helps maintain data confidentiality and prevent sensitive information leaks.

In The Wild
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2024-07-25
2024-09-05

SOCRadar AI Insight

Description

CVE-2024-7057 is an information disclosure vulnerability in GitLab CE/EE that allows unauthorized users to access job artifacts. This vulnerability affects all versions of GitLab CE/EE starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1.

Key Insights

  • The SVRS for CVE-2024-7057 is 46, indicating a moderate level of severity.
  • This vulnerability could allow attackers to access sensitive information, such as source code, build logs, and test results.
  • The vulnerability is actively exploited in the wild.

Mitigation Strategies

  • Update to GitLab CE/EE version 17.0.5, 17.1.3, or 17.2.1.
  • Restrict access to job artifacts to authorized users only.
  • Monitor for suspicious activity and take appropriate action if necessary.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

GitLab Patch Release: 17.2.1, 17.1.3, 17.0.5
Greg Alfaro, 2025-04-01
GitLab Patch Release: 17.2.1, 17.1.3, 17.0.5 | Today we are releasing versions 17.2.1, 17.1.3, 17.0.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important bug and security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab releases fixes for vulnerabilities in dedicated patch releases. There are two types of patch releases
gitlab.com
GitLab Patched XSS Vulnerability that Lets Attackers to Execute Arbitrary Code
Dhivya, 2024-07-25
GitLab Patched XSS Vulnerability that Lets Attackers to Execute Arbitrary Code | GitLab has released new Community Edition (CE) and Enterprise Edition (EE) versions to address multiple vulnerabilities. Among these, a high-severity cross-site scripting (XSS) vulnerability has garnered particular attention due to its potential to allow attackers to execute arbitrary code. Summary of the Update On July 25, 2024, GitLab announced the release of versions 17.2.1, 17.1.3, […] The post GitLab Patched XSS Vulnerability that Lets Attackers to Execute Arbitrary Code

Social Media

CVE-2024-7057 An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from… https://t.co/QbJE72NGSj

Affected Software

Configuration 1
Type: App
Vendor: Gitlab
Product: gitlab

References

Links:
https://gitlab.com/gitlab-org/gitlab/-/issues/458501
https://hackerone.com/reports/2475135

CWE Details

CWE ID: CWE-284
CWE Name: Improper Access Control
Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
