GitLab 16.7 < 16.8.6 / 16.9 < 16.9.4 / 16.10 < 16.10.2 (CVE-2024-2279)

Language:

Version 1.4 Dec 13, 2024, 9:53 AM CVSS metrics ("CVSSv2 score" set to 5.5) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N") CVSS metrics ("CVSSv3 score" set to 5.4) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 severity (based on CVE-2024-2279, severity decreased from "High" to "Medium") CVSSv3 severity (based on None, severity decreased from "High" to "Medium") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202412130953
Version 1.3 May 3, 2024, 8:17 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202405032017
Version 1.2 May 2, 2024, 3:56 PM IAVM reference Plugin Feed: 202405021556
Version 1.1 Apr 22, 2024, 1:40 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202404221340
Version 1.0 Apr 19, 2024, 11:43 AM New Plugin Feed: 202404191143

* Changelogs are generally available for changes made after Nov 1, 2022