CVE-2024-8974: 
GitLab vulnerability analysis and mitigation

Information disclosure vulnerability (CVE-2024-8974) affects GitLab Enterprise Edition (EE) and Community Edition (CE) versions from 15.6 up to, but not including, versions 17.2.8, 17.3.4, and 17.4.1. The vulnerability was disclosed on September 26, 2024, and allows unauthorized users to potentially access private project path information under specific conditions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) by NIST with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, while GitLab Inc. assessed it with a score of 2.6 (LOW) with vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-863 (Incorrect Authorization) by NIST and CWE-684 (Incorrect Provision of Specified Functionality) by GitLab Inc (NVD).

The vulnerability allows unauthorized users to access the path information of private projects under specific conditions, potentially exposing sensitive project structure information (NVD).

Users should upgrade to GitLab versions 17.2.8, 17.3.4, or 17.4.1 or later, depending on their current version track (NVD).