An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/383745 | Broken Link |
https://hackerone.com/reports/1784294 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
12 Apr 2023, 19:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab
Gitlab gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:15.10.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:15.10.0:*:*:*:community:*:*:* |
|
References | (MISC) https://hackerone.com/reports/1784294 - Permissions Required | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/383745 - Broken Link | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
CWE | NVD-CWE-noinfo |
05 Apr 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-05 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-1098
Mitre link : CVE-2023-1098
CVE.ORG link : CVE-2023-1098
JSON object : View
Products Affected
gitlab
- gitlab
CWE