Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-3303
CVE-2024-3303:
GitLab vulnerability analysis and mitigation
Overview
An issue was discovered in GitLab Enterprise Edition (EE) affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2. The vulnerability is tracked as CVE-2024-3303 and was reported through GitLab's HackerOne bug bounty program (GitLab Release).
Technical details
The vulnerability allows an attacker to exfiltrate contents of a private issue using prompt injection. The issue has been assessed as medium severity with a CVSS score of 6.4 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N) (GitLab Release).
Impact
The vulnerability enables attackers to access and extract content from private issues within GitLab EE installations, potentially leading to unauthorized access to sensitive information (Ubuntu CVE).
Mitigation and workarounds
The vulnerability has been fixed in GitLab versions 17.6.5, 17.7.4, and 17.8.2. Organizations running affected versions should upgrade to the patched versions immediately. GitLab.com is already running the patched version, and GitLab Dedicated customers do not need to take action (GitLab Release).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management