An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-09-29T06:30:56.081Z
Updated: 2024-09-18T04:03:20.187Z
Reserved: 2023-02-23T15:20:44.570Z
Link: CVE-2023-0989
Vulnrichment
Updated: 2024-08-02T05:32:46.144Z
NVD
Status : Analyzed
Published: 2023-09-29T07:15:12.520
Modified: 2023-10-02T19:52:42.083
Link: CVE-2023-0989
Redhat
No data.