CVE-2024-9596

Summary

An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab16.6 < 17.2.9affected
GitLabGitLab17.3 < 17.3.5affected
GitLabGitLab17.4 < 17.4.2affected

Weaknesses

  • CWE-540: CWE-540: Inclusion of Sensitive Information in Source Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References