{"vulnerability": "CVE-2024-7586", "sightings": [{"uuid": "9fc0a224-7ff1-46a7-a36b-f76aa3b29ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7586", "type": "seen", "source": "https://t.me/MrVGunz/1259", "content": "\ud83d\udccd Critical Vulnerabilities in Older Versions of #GitLab\n\nRecent security reports have identified several serious vulnerabilities in older versions of GitLab. #Cyber_Attackers can exploit these weaknesses to infiltrate your systems. 
By leveraging these vulnerabilities, attackers could gain access to #Sensitive_Information, take control of your system, or even disrupt your services.\n\nAffected Versions:\n- GitLab #Community_Edition\n- GitLab #Enterprise_Edition\n- All versions prior to 17.2.2, 17.1.4, and 17.0.6\n\nPotential Risks:\n- #Privilege_Escalation: Attackers could elevate their access level and gain entry to sensitive parts of the system.\n- #Security_Bypass: Attackers may circumvent security mechanisms and access confidential information.\n- #XSS_Attacks: Malicious code injection could disrupt software functionality and compromise user data.\n- #DoS_Attacks: Attackers might overload the system, making it unavailable to users.\n- #Sensitive_Data_Exposure: Attackers could access sensitive data such as passwords, user information, and business data.\n\nNecessary Actions:\nTo address these vulnerabilities and prevent exploitation, it is strongly recommended to update your GitLab version to one of the secure versions: 17.2.2, 17.1.4, or 17.0.6. 
For more information and technical guidance, visit the official GitLab website.\n\nCVE Identifiers:\nCVE-2024-2800, CVE-2024-3035, CVE-2024-3114, CVE-2024-3958, CVE-2024-4207, CVE-2024-4210, CVE-2024-4784, CVE-2024-5423, CVE-2024-6329, CVE-2024-6356, and CVE-2024-7586\n\nWarning: Due to the critical nature of these vulnerabilities, update your system immediately.\n\n\ud83d\udd17 Read the full article here:\n\n\ud83c\udf10 https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20240812", "creation_timestamp": "2024-08-20T04:31:33.000000Z"}, {"uuid": "0e8e1b9a-0b4a-49dd-a8f9-730a24c34c9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7586", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18965", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-7586\n\ud83d\udd25 CVSS Score: 4.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.\n\ud83d\udccf Published: 2025-06-20T13:58:37.159Z\n\ud83d\udccf Modified: 2025-06-20T13:58:37.159Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/463866", "creation_timestamp": "2025-06-20T14:43:41.000000Z"}]}