nvd-json-data-feeds/CVE-2024/CVE-2024-50xx/CVE-2024-5005.json

{
  "id": "CVE-2024-5005",
  "sourceIdentifier": "cve@gitlab.com",
  "published": "2024-10-11T13:15:16.317",
  "lastModified": "2024-12-12T19:55:10.777",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en GitLab EE/CE que afectaba a todas las versiones desde la 11.4 hasta la 17.2.9, todas las versiones desde la 17.3 hasta la 17.3.5 y todas las versiones desde la 17.4 hasta la 17.4.2. Los usuarios invitados pod\u00edan divulgar plantillas de proyecto mediante la API."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cve@gitlab.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve@gitlab.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-684"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "versionStartIncluding": "11.4.0",
              "versionEndExcluding": "17.2.9",
              "matchCriteriaId": "11077447-D01B-410A-9B49-C712B2B4A57B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "11.4.0",
              "versionEndExcluding": "17.2.9",
              "matchCriteriaId": "57B101F2-4669-4EC7-BE80-2F1515B188DE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "versionStartIncluding": "17.3.0",
              "versionEndExcluding": "17.3.5",
              "matchCriteriaId": "EE7140D0-5D8A-4EDA-91AF-5F14BC4F6307"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "17.3.0",
              "versionEndExcluding": "17.3.5",
              "matchCriteriaId": "9A005AE5-1C1A-4515-9695-A502092BB75A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "versionStartIncluding": "17.4.0",
              "versionEndExcluding": "17.4.2",
              "matchCriteriaId": "7132410B-A160-4C18-8BB6-E53C6A0F35D7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "17.4.0",
              "versionEndExcluding": "17.4.2",
              "matchCriteriaId": "08991976-707A-4A7B-863D-766928E74FF7"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462108",
      "source": "cve@gitlab.com",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ]
    },
    {
      "url": "https://hackerone.com/reports/2501461",
      "source": "cve@gitlab.com",
      "tags": [
        "Permissions Required"
      ]
    }
  ]
}
Auto-Update: 2024-10-11T14:00:17.361688+00:00 2024-10-11 14:03:20 +00:00			`{`
			`"id": "CVE-2024-5005",`
			`"sourceIdentifier": "cve@gitlab.com",`
			`"published": "2024-10-11T13:15:16.317",`
Auto-Update: 2024-12-12T21:00:22.199660+00:00 2024-12-12 21:03:45 +00:00			`"lastModified": "2024-12-12T19:55:10.777",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-10-11T14:00:17.361688+00:00 2024-10-11 14:03:20 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API."`
Auto-Update: 2024-10-15T14:00:18.621893+00:00 2024-10-15 14:03:18 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "Se descubri\u00f3 un problema en GitLab EE/CE que afectaba a todas las versiones desde la 11.4 hasta la 17.2.9, todas las versiones desde la 17.3 hasta la 17.3.5 y todas las versiones desde la 17.4 hasta la 17.4.2. Los usuarios invitados pod\u00edan divulgar plantillas de proyecto mediante la API."`
Auto-Update: 2024-10-11T14:00:17.361688+00:00 2024-10-11 14:03:20 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "cve@gitlab.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 4.3,`
			`"baseSeverity": "MEDIUM",`
Auto-Update: 2024-10-11T14:00:17.361688+00:00 2024-10-11 14:03:20 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "NONE"`
Auto-Update: 2024-10-11T14:00:17.361688+00:00 2024-10-11 14:03:20 +00:00			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 1.4`
Auto-Update: 2024-12-12T21:00:22.199660+00:00 2024-12-12 21:03:45 +00:00			`},`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",`
			`"baseScore": 4.3,`
			`"baseSeverity": "MEDIUM",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 1.4`
Auto-Update: 2024-10-11T14:00:17.361688+00:00 2024-10-11 14:03:20 +00:00			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "cve@gitlab.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-684"`
			`}`
			`]`
Auto-Update: 2024-12-12T21:00:22.199660+00:00 2024-12-12 21:03:45 +00:00			`},`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "NVD-CWE-noinfo"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::community:::*",`
			`"versionStartIncluding": "11.4.0",`
			`"versionEndExcluding": "17.2.9",`
			`"matchCriteriaId": "11077447-D01B-410A-9B49-C712B2B4A57B"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::enterprise:::*",`
			`"versionStartIncluding": "11.4.0",`
			`"versionEndExcluding": "17.2.9",`
			`"matchCriteriaId": "57B101F2-4669-4EC7-BE80-2F1515B188DE"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::community:::*",`
			`"versionStartIncluding": "17.3.0",`
			`"versionEndExcluding": "17.3.5",`
			`"matchCriteriaId": "EE7140D0-5D8A-4EDA-91AF-5F14BC4F6307"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::enterprise:::*",`
			`"versionStartIncluding": "17.3.0",`
			`"versionEndExcluding": "17.3.5",`
			`"matchCriteriaId": "9A005AE5-1C1A-4515-9695-A502092BB75A"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::community:::*",`
			`"versionStartIncluding": "17.4.0",`
			`"versionEndExcluding": "17.4.2",`
			`"matchCriteriaId": "7132410B-A160-4C18-8BB6-E53C6A0F35D7"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::enterprise:::*",`
			`"versionStartIncluding": "17.4.0",`
			`"versionEndExcluding": "17.4.2",`
			`"matchCriteriaId": "08991976-707A-4A7B-863D-766928E74FF7"`
			`}`
			`]`
			`}`
			`]`
Auto-Update: 2024-10-11T14:00:17.361688+00:00 2024-10-11 14:03:20 +00:00			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462108",`
Auto-Update: 2024-12-12T21:00:22.199660+00:00 2024-12-12 21:03:45 +00:00			`"source": "cve@gitlab.com",`
			`"tags": [`
			`"Exploit",`
			`"Issue Tracking"`
			`]`
Auto-Update: 2024-10-11T14:00:17.361688+00:00 2024-10-11 14:03:20 +00:00			`},`
			`{`
			`"url": "https://hackerone.com/reports/2501461",`
Auto-Update: 2024-12-12T21:00:22.199660+00:00 2024-12-12 21:03:45 +00:00			`"source": "cve@gitlab.com",`
			`"tags": [`
			`"Permissions Required"`
			`]`
Auto-Update: 2024-10-11T14:00:17.361688+00:00 2024-10-11 14:03:20 +00:00			`}`
			`]`
			`}`