{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3976", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-04-19T08:02:17.288Z", "datePublished": "2025-02-05T12:02:27.929Z", "dateUpdated": "2025-02-05T20:12:12.955Z"}, "containers": {"cna": {"title": "Missing Authorization in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "14.0", "status": "affected", "lessThan": "16.9.7", "versionType": "semver"}, {"version": "16.10", "status": "affected", "lessThan": "16.10.5", "versionType": "semver"}, {"version": "16.11", "status": "affected", "lessThan": "16.11.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862: Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/457140", "name": "GitLab Issue #457140", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2470939", "name": "HackerOne Bug Bounty Report #2470939", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above."}], "credits": [{"lang": "en", "value": "Thanks [ahacker1](https://hackerone.com/ahacker1) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-02-05T12:02:27.929Z"}}, "adp": [{"references": [{"url": "https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/", "tags": ["release-notes"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T14:04:52.021207Z", "id": "CVE-2024-3976", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T20:12:12.955Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3976", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-05T14:04:52.021207Z"}}}], "references": [{"url": "https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/", "tags": ["release-notes"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T20:12:03.550Z"}}], "cna": {"title": "Missing Authorization in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [ahacker1](https://hackerone.com/ahacker1) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "14.0", "lessThan": "16.9.7", "versionType": "semver"}, {"status": "affected", "version": "16.10", "lessThan": "16.10.5", "versionType": "semver"}, {"status": "affected", "version": "16.11", "lessThan": "16.11.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/457140", "name": "GitLab Issue #457140", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2470939", "name": "HackerOne Bug Bounty Report #2470939", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-02-05T12:02:27.929Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3976", "state": "PUBLISHED", "dateUpdated": "2025-02-05T20:12:12.955Z", "dateReserved": "2024-04-19T08:02:17.288Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2025-02-05T12:02:27.929Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "DE322CFF-9EF3-452B-9E07-B7DC68BC795F", "versionEndExcluding": "16.9.7", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "20A54371-18DF-40AC-B67F-4098C719F146", "versionEndExcluding": "16.9.7", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "356482CA-C9DF-418B-BBDF-C6C09CA8C16D", "versionEndExcluding": "16.10.5", "versionStartIncluding": "16.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "154184A5-A34D-4DB1-85B4-DE47A3723E6B", "versionEndExcluding": "16.10.5", "versionStartIncluding": "16.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "9B50E4E6-602E-470D-BB03-774CFB1461B6", "versionEndExcluding": "16.11.2", "versionStartIncluding": "16.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5ACCB718-2ABE-4F1A-AB57-B2D3B4879FAC", "versionEndExcluding": "16.11.2", "versionStartIncluding": "16.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 14.0 hasta la 16.9.7, desde la 16.10 hasta la 16.10.5 y desde la 16.11 hasta la 16.11.2. Era posible divulgar a trav\u00e9s de la interfaz de usuario el t\u00edtulo y la descripci\u00f3n de problemas confidenciales de un proyecto p\u00fablico a usuarios de instancias no autorizados."}], "id": "CVE-2024-3976", "lastModified": "2025-08-06T18:59:35.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2025-02-05T12:15:27.627", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/457140"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2470939"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Release Notes"], "url": "https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cve@gitlab.com", "type": "Secondary"}]}

{}

{}