An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members.
Metrics
Affected Vendors & Products
References
History
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Exposure of Sensitive Information to an Unauthorized Actor in GitLab | Insertion of Sensitive Information Into Sent Data in GitLab |
Weaknesses | CWE-201 |
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-12-01T07:02:13.130Z
Updated: 2024-10-10T20:16:50.932Z
Reserved: 2023-07-25T16:06:09.992Z
Link: CVE-2023-3949
Vulnrichment
Updated: 2024-08-02T07:08:50.845Z
NVD
Status : Modified
Published: 2023-12-01T07:15:08.973
Modified: 2024-11-21T08:18:23.127
Link: CVE-2023-3949
Redhat
No data.