{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5005", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-05-16T14:02:33.104Z", "datePublished": "2024-10-11T11:30:57.104Z", "dateUpdated": "2024-10-11T13:41:55.311Z"}, "containers": {"cna": {"title": "Incorrect Provision of Specified Functionality in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "11.4", "status": "affected", "lessThan": "17.2.9", "versionType": "semver"}, {"version": "17.3", "status": "affected", "lessThan": "17.3.5", "versionType": "semver"}, {"version": "17.4", "status": "affected", "lessThan": "17.4.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-684: Incorrect Provision of Specified Functionality", "cweId": "CWE-684", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462108", "name": "GitLab Issue #462108", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2501461", "name": "HackerOne Bug Bounty Report #2501461", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 17.4.2, 17.3.5, 17.2.9 or above."}], "credits": [{"lang": "en", "value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-11T11:30:57.104Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T13:41:47.000870Z", "id": "CVE-2024-5005", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T13:41:55.311Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5005", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T13:41:47.000870Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T13:41:50.961Z"}}], "cna": {"title": "Incorrect Provision of Specified Functionality in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "11.4", "lessThan": "17.2.9", "versionType": "semver"}, {"status": "affected", "version": "17.3", "lessThan": "17.3.5", "versionType": "semver"}, {"status": "affected", "version": "17.4", "lessThan": "17.4.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 17.4.2, 17.3.5, 17.2.9 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462108", "name": "GitLab Issue #462108", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2501461", "name": "HackerOne Bug Bounty Report #2501461", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-684", "description": "CWE-684: Incorrect Provision of Specified Functionality"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-11T11:30:57.104Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5005", "state": "PUBLISHED", "dateUpdated": "2024-10-11T13:41:55.311Z", "dateReserved": "2024-05-16T14:02:33.104Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-10-11T11:30:57.104Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "11077447-D01B-410A-9B49-C712B2B4A57B", "versionEndExcluding": "17.2.9", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "57B101F2-4669-4EC7-BE80-2F1515B188DE", "versionEndExcluding": "17.2.9", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "EE7140D0-5D8A-4EDA-91AF-5F14BC4F6307", "versionEndExcluding": "17.3.5", "versionStartIncluding": "17.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9A005AE5-1C1A-4515-9695-A502092BB75A", "versionEndExcluding": "17.3.5", "versionStartIncluding": "17.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "7132410B-A160-4C18-8BB6-E53C6A0F35D7", "versionEndExcluding": "17.4.2", "versionStartIncluding": "17.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "08991976-707A-4A7B-863D-766928E74FF7", "versionEndExcluding": "17.4.2", "versionStartIncluding": "17.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab EE/CE que afectaba a todas las versiones desde la 11.4 hasta la 17.2.9, todas las versiones desde la 17.3 hasta la 17.3.5 y todas las versiones desde la 17.4 hasta la 17.4.2. Los usuarios invitados pod\u00edan divulgar plantillas de proyecto mediante la API."}], "id": "CVE-2024-5005", "lastModified": "2024-12-12T19:55:10.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-11T13:15:16.317", "references": [{"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462108"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2501461"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-684"}], "source": "cve@gitlab.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}