CVE-2023-3102

A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.1.0:*:*:*:enterprise:*:*:*

History

31 Jul 2023, 17:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
First Time Gitlab gitlab
Gitlab
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.1.0:*:*:*:enterprise:*:*:*
References (MISC) https://hackerone.com/reports/2012073 - (MISC) https://hackerone.com/reports/2012073 - Permissions Required
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/414269 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/414269 - Broken Link

21 Jul 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-21 16:15

Updated : 2023-12-10 15:14


NVD link : CVE-2023-3102

Mitre link : CVE-2023-3102

CVE.ORG link : CVE-2023-3102


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor