GitLab: Unauthenticated Access to Private Merge Requests - Proactive Insights and Support For Open-Source Applications

In GitLab EE versions starting from 17.3 before 17.3.7, starting from 17.4 before 17.4.4 and starting from 17.5 before 17.5.2 a medium severity vulnerability CVE-2024-10240 was detected. This vulnerability allows unauthenticated users to access details about merge requests (MR) in a private project under specific conditions. To fix this issue, users are advised to upgrade GitLab EE to versions 17.6.1, 17.5.3, or 17.4.5. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10240.