CVE-2024-6685

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-6685

Severity

Unknown

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.

References

https://images.chainguard.dev/security/CGA-rhfg-283q-6q42
https://github.com/advisories/GHSA-272r-9r62-xgwc
https://images.chainguard.dev/security/CGA-qw2m-48gx-6g27
https://images.chainguard.dev/security/CGA-32mh-w77g-35j6
https://images.chainguard.dev/security/CGA-5mwj-p4c6-2pq2
https://images.chainguard.dev/security/CGA-7583-cgcp-rpff
https://images.chainguard.dev/security/CGA-qr5q-h56w-pmr9
https://images.chainguard.dev/security/CGA-4hgq-4rmg-72wv
https://images.chainguard.dev/security/CGA-hxx5-pxcq-g2vf
https://images.chainguard.dev/security/CGA-cxcv-w82r-9j3g
https://images.chainguard.dev/security/CGA-6w5w-vp55-x3x3
https://images.chainguard.dev/security/CGA-pxvr-6vc7-8wch
https://images.chainguard.dev/security/CGA-8hg5-v4p8-xpf7
https://gitlab.com/gitlab-org/gitlab/-/issues/472012
https://hackerone.com/reports/2584372

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2024-6685

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources