{"id":"CVE-2024-4278","summary":"Incorrect Synchronization in GitLab","details":"An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.","aliases":["BIT-gitlab-2024-4278"],"modified":"2026-02-18T03:51:43.637955Z","published":"2024-09-26T06:30:59.796Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4278.json","cwe_ids":["CWE-821"],"cna_assigner":"GitLab"},"references":[{"type":"PACKAGE","url":"git://git@gitlab.com:gitlab-org/gitlab.git"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4278.json"},{"type":"REPORT","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/458484"},{"type":"REPORT","url":"https://hackerone.com/reports/2466205"},{"type":"ARTICLE","url":"https://hackerone.com/reports/2466205"},{"type":"EVIDENCE","url":"https://hackerone.com/reports/2466205"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4278"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"fc87c9d4cca1536abcf902b4128f5c2004d87162"},{"fixed":"b47f3914f1bcce3bc77e64c310363fa218788ffd"}],"database_specific":{"versions":[{"introduced":"16.5"},{"fixed":"17.2.8"}]}},{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"5aad128b1defa01641e69fdcd5a2ec16bd1d4c2c"},{"fixed":"e5c34c00f7d566d52c12fa37f8688861f153b579"}],"database_specific":{"versions":[{"introduced":"17.3"},{"fixed":"17.3.4"}]}},{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"22193b3da887c1fa5e49021fa8f87b74e6539a7a"},{"fixed":"40bdc966046ddc890715ea16e1e10420f7daea19"}],"database_specific":{"versions":[{"introduced":"17.4"},{"fixed":"17.4.1"}]}}],"versions":["v17.3.0-ee","v17.3.1-ee","v17.3.2-ee","v17.3.3-ee","v17.3.4-rc50-ee","v17.4.0-ee","v17.4.1-rc10-ee"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-4278.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"}]}