CVE-2024-4278

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-4278

Severity

5.5

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Summary

Incorrect Synchronization in GitLab

Description

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-4278
https://github.com/advisories/GHSA-vfph-fvw4-j4xp
https://images.chainguard.dev/security/git%3A%2F%2Fgit%40gitlab.com%3Agitlab-org%2Fgitlab.git
https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4278.json
https://gitlab.com/gitlab-org/gitlab/-/issues/458484
https://hackerone.com/reports/2466205

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-4278

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company