CVE-2024-5435

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-5435

Severity

4.5

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Summary

Generation of Error Message Containing Sensitive Information in GitLab

Description

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-5435
https://github.com/advisories/GHSA-mc42-9p8q-pxff
https://images.chainguard.dev/security/git%3A%2F%2Fgit%40gitlab.com%3Agitlab-org%2Fgitlab.git
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/
https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/5xxx/CVE-2024-5435.json
https://gitlab.com/gitlab-org/gitlab/-/issues/464044
https://hackerone.com/reports/2520722

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-5435

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company