{"uuid": "bea766c9-08ca-44dc-ab0f-773afddc8b47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4784", "type": "seen", "source": "https://t.me/MrVGunz/1259", "content": "\ud83d\udccd\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u062f\u0631 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u062f\u06cc\u0645\u06cc #GitLab\n\n\u06af\u0632\u0627\u0631\u0634\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u062e\u06cc\u0631 \u0646\u0634\u0627\u0646 \u0627\u0632 \u0648\u062c\u0648\u062f \u0686\u0646\u062f\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u062f\u0631 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u062f\u06cc\u0645\u06cc GitLab \u062f\u0627\u0631\u062f. #\u0645\u0647\u0627\u062c\u0645\u0627\u0646_\u0633\u0627\u06cc\u0628\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0636\u0639\u0641\u200c\u0647\u0627 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u0647 \u0648 \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0634\u0645\u0627 \u0646\u0641\u0648\u0630 \u06a9\u0646\u0646\u062f. \u0628\u0627 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u060c \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0642\u0627\u062f\u0631 \u062e\u0648\u0627\u0647\u0646\u062f \u0628\u0648\u062f \u062a\u0627 \u0628\u0647 #\u0627\u0637\u0644\u0627\u0639\u0627\u062a_\u062d\u0633\u0627\u0633 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f\u060c \u06a9\u0646\u062a\u0631\u0644 \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u062f\u0631 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u0646\u062f \u0648 \u06cc\u0627 \u062d\u062a\u06cc \u062e\u062f\u0645\u0627\u062a \u0634\u0645\u0627 \u0631\u0627 \u0645\u062e\u062a\u0644 \u06a9\u0646\u0646\u062f.\n\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631:\n- \u0646\u0633\u062e\u0647 GitLab #Community_Edition\n- \u0646\u0633\u062e\u0647 GitLab #Enterprise_Edition \n- \u0648 \u062a\u0645\u0627\u0645\u06cc \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u0628\u0644 \u0627\u0632 17.2.2\u060c 17.1.4 \u0648 17.0.6\n\n\u062e\u0637\u0631\u0627\u062a \u0627\u062d\u062a\u0645\u0627\u0644\u06cc:\n- #\u0627\u0631\u062a\u0642\u0627\u0621_\u0633\u0637\u062d_\u062f\u0633\u062a\u0631\u0633\u06cc: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0647 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0627\u0644\u0627\u062a\u0631\u06cc \u0627\u0631\u062a\u0642\u0627 \u06cc\u0627\u0641\u062a\u0647 \u0648 \u0628\u0647 \u0628\u062e\u0634\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0633\u06cc\u0633\u062a\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n- #\u062f\u0648\u0631_\u0632\u062f\u0646_\u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u200c\u0647\u0627\u06cc_\u0627\u0645\u0646\u06cc\u062a\u06cc: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u06af\u0630\u0631 \u06a9\u0631\u062f\u0647 \u0648 \u0628\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0645\u062d\u0631\u0645\u0627\u0646\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n- #\u062d\u0645\u0644\u0647_XSS: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0627 \u062a\u0632\u0631\u06cc\u0642 \u06a9\u062f\u0647\u0627\u06cc \u0645\u062e\u0631\u0628\u060c \u0639\u0645\u0644\u06a9\u0631\u062f \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u0645\u062e\u062a\u0644 \u06a9\u0631\u062f\u0647 \u0648 \u0628\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n- #\u062d\u0645\u0644\u0647_DoS: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0627 \u0627\u06cc\u062c\u0627\u062f \u0628\u0627\u0631 \u06a9\u0627\u0631\u06cc \u0632\u06cc\u0627\u062f\u060c \u062e\u062f\u0645\u0627\u062a \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u0645\u062e\u062a\u0644 \u06a9\u0631\u062f\u0647 \u0648 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0642\u0631\u0627\u0631 \u0646\u062f\u0647\u0646\u062f.\n- #\u0627\u0641\u0634\u0627\u06cc_\u0627\u0637\u0644\u0627\u0639\u0627\u062a_\u062d\u0633\u0627\u0633: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633\u06cc \u0645\u0627\u0646\u0646\u062f \u06af\u0630\u0631\u0648\u0627\u0698\u0647\u200c\u0647\u0627\u060c \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0648 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062a\u062c\u0627\u0631\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0636\u0631\u0648\u0631\u06cc:\n\u0628\u0631\u0627\u06cc \u0631\u0641\u0639 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0648 \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0647\u0631\u06af\u0648\u0646\u0647 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647\u060c \u0628\u0647 \u0634\u062f\u062a \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0647 \u0646\u0633\u062e\u0647 GitLab \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u06cc\u06a9\u06cc \u0627\u0632 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0627\u0645\u0646 17.2.2\u060c 17.1.4 \u06cc\u0627 17.0.6 \u0627\u0631\u062a\u0642\u0627 \u062f\u0647\u06cc\u062f. \u0628\u0631\u0627\u06cc \u06a9\u0633\u0628 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u0648 \u062f\u0631\u06cc\u0627\u0641\u062a \u0631\u0627\u0647\u0646\u0645\u0627\u06cc\u06cc\u200c\u0647\u0627\u06cc \u0641\u0646\u06cc\u060c \u0628\u0647 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a \u0631\u0633\u0645\u06cc GitLab \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f.\n\n\u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc #CVE:\nCVE-2024-2800\u060c CVE-2024-3035\u060c CVE-2024-3114\u060c CVE-2024-3958\u060c CVE-2024-4207\u060c CVE-2024-4210\u060c CVE-2024-4784\u060c CVE-2024-5423\u060c CVE-2024-6329\u060c CVE-2024-6356 \u0648 CVE-2024-7586\n\n\u0647\u0634\u062f\u0627\u0631: \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0627\u0647\u0645\u06cc\u062a \u0628\u0627\u0644\u0627\u06cc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u060c \u0628\u0647 \u0633\u0631\u0639\u062a \u0627\u0642\u062f\u0627\u0645 \u0628\u0647 \u0628\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0633\u06cc\u0633\u062a\u0645 \u062e\u0648\u062f \u06a9\u0646\u06cc\u062f.\n\n\ud83d\udd17 \u062c\u0647\u062a \u0645\u0637\u0627\u0644\u0639\u0647 \u0627\u062f\u0627\u0645\u0647 \u0645\u0642\u0627\u0644\u0647 \u0628\u0647 \u0627\u06cc\u0646 \u0633\u0627\u06cc\u062a \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f:\n\n\ud83c\udf10 https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20240812\n\n\ud83d\udccd Critical Vulnerabilities in Older Versions of #GitLab\n\nRecent security reports have identified several serious vulnerabilities in older versions of GitLab. #Cyber_Attackers can exploit these weaknesses to infiltrate your systems. By leveraging these vulnerabilities, attackers could gain access to #Sensitive_Information, take control of your system, or even disrupt your services.\n\nAffected Versions:\n- GitLab #Community_Edition\n- GitLab #Enterprise_Edition\n- All versions prior to 17.2.2, 17.1.4, and 17.0.6\n\nPotential Risks:\n- #Privilege_Escalation: Attackers could elevate their access level and gain entry to sensitive parts of the system.\n- #Security_Bypass: Attackers may circumvent security mechanisms and access confidential information.\n- #XSS_Attacks: Malicious code injection could disrupt software functionality and compromise user data.\n- #DoS_Attacks: Attackers might overload the system, making it unavailable to users.\n- #Sensitive_Data_Exposure: Attackers could access sensitive data such as passwords, user information, and business data.\n\nNecessary Actions:\nTo address these vulnerabilities and prevent exploitation, it is strongly recommended to update your GitLab version to one of the secure versions: 17.2.2, 17.1.4, or 17.0.6. For more information and technical guidance, visit the official GitLab website.\n\nCVE Identifiers:\nCVE-2024-2800, CVE-2024-3035, CVE-2024-3114, CVE-2024-3958, CVE-2024-4207, CVE-2024-4210, CVE-2024-4784, CVE-2024-5423, CVE-2024-6329, CVE-2024-6356, and CVE-2024-7586\n\nWarning: Due to the critical nature of these vulnerabilities, update your system immediately.\n\n\ud83d\udd17 Read the full article here:\n\n\ud83c\udf10 https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20240812", "creation_timestamp": "2024-08-20T04:31:33.000000Z"}