An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/416244 | Broken Link |
https://hackerone.com/reports/2021616 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
14 Nov 2023, 18:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.7 |
First Time |
Gitlab
Gitlab gitlab |
|
CWE | NVD-CWE-Other | |
References | (MISC) https://hackerone.com/reports/2021616 - Permissions Required | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/416244 - Broken Link | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:13.0.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:13.0.0:*:*:*:enterprise:*:*:* |
06 Nov 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-06 13:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-3399
Mitre link : CVE-2023-3399
CVE.ORG link : CVE-2023-3399
JSON object : View
Products Affected
gitlab
- gitlab
CWE