CVE-2024-6389 Information

Description

An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7 17.2 before 17.2.5 and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint contrary to permissions.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/469367 https://hackerone.com/reports/2573397