CVE-2024-3303

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/454460	Exploit Issue Tracking
https://hackerone.com/reports/2418620	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

No history.

Information

Published : 2025-02-13 09:15

Updated : 2025-08-06 18:32

NVD link : CVE-2024-3303

Mitre link : CVE-2024-3303

CVE.ORG link : CVE-2024-3303

JSON object : View

Products Affected

gitlab

gitlab

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-3303", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2025-02-13T09:15:09.653", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/454460", "tags": ["Exploit", "Issue Tracking"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2418620", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde la 16.0 anterior a la 17.6.5, desde la 17.7 anterior a la 17.7.4 y desde la 17.8 anterior a la 17.8.2, que permite a un atacante exfiltrar el contenido de una emisi\u00f3n privada mediante inyecci\u00f3n r\u00e1pida."}], "lastModified": "2025-08-06T18:32:16.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "50288C87-C49A-4370-8A07-229E6BAD9779", "versionEndExcluding": "17.6.5", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "23EE6F1C-8A6C-40F7-A89D-D97F9070697C", "versionEndExcluding": "17.7.4", "versionStartIncluding": "17.7.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C801E385-FAD0-44A5-BDE2-49708E256110", "versionEndExcluding": "17.8.2", "versionStartIncluding": "17.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}