An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/385124 | Broken Link |
https://hackerone.com/reports/1767797 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
07 Sep 2023, 17:31
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/385124 - Broken Link | |
References | (MISC) https://hackerone.com/reports/1767797 - Permissions Required | |
First Time |
Gitlab gitlab
Gitlab |
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
01 Sep 2023, 11:47
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-01 11:15
Updated : 2023-12-10 15:14
NVD link : CVE-2022-4343
Mitre link : CVE-2022-4343
CVE.ORG link : CVE-2022-4343
JSON object : View
Products Affected
gitlab
- gitlab
CWE