An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/415131 |
History
Tue, 05 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Oct 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-287 |
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Exposure of Sensitive Information to an Unauthorized Actor in GitLab | Generation of Error Message Containing Sensitive Information in GitLab |
Weaknesses | CWE-209 |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-07-13T02:08:46.856Z
Updated: 2024-11-05T15:10:55.758Z
Reserved: 2023-06-22T01:14:35.086Z
Link: CVE-2023-3362
Vulnrichment
Updated: 2024-08-02T06:55:02.661Z
NVD
Status : Modified
Published: 2023-07-13T03:15:10.217
Modified: 2024-11-21T08:17:06.123
Link: CVE-2023-3362
Redhat
No data.