CVE-2024-7057

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-7057

Severity

4.3

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Summary

Improper Access Control in GitLab

Description

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-7057
https://github.com/advisories/GHSA-h3pp-hqpg-9qmw
https://images.chainguard.dev/security/git%3A%2F%2Fgit%40gitlab.com%3Agitlab-org%2Fgitlab.git
https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/7xxx/CVE-2024-7057.json
https://gitlab.com/gitlab-org/gitlab/-/issues/458501
https://hackerone.com/reports/2475135

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-7057

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company