CVE-2023-3362 - OpenCVE

An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.1.0::::community:::
	cpe:2.3:a:gitlab:gitlab:16.1.0::::enterprise:::

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/415131

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-07-13T02:08:46.856Z

Updated: 2024-08-02T06:55:02.661Z

Reserved: 2023-06-22T01:14:35.086Z

Link: CVE-2023-3362

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-13T03:15:10.217

Modified: 2023-07-20T20:49:23.790

Link: CVE-2023-3362

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3362", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-06-22T01:14:35.086Z", "datePublished": "2023-07-13T02:08:46.856Z", "dateUpdated": "2024-08-02T06:55:02.661Z"}, "containers": {"cna": {"title": "Exposure of Sensitive Information to an Unauthorized Actor in GitLab", "descriptions": [{"lang": "en", "value": "An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "versions": [{"version": "16.0", "status": "affected", "lessThan": "16.0.6", "versionType": "semver"}, {"version": "16.1", "status": "affected", "lessThan": "16.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415131", "name": "GitLab Issue #415131", "tags": ["issue-tracking"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.0.6, 16.1.1 or above."}], "credits": [{"lang": "en", "value": "This vulnerability has been discovered internally by GitLab team member [Rodrigo Tomonari](https://gitlab.com/rodrigo.tomonari)", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-07-13T02:08:46.856Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:02.661Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415131", "name": "GitLab Issue #415131", "tags": ["issue-tracking", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "691225A9-E175-41A1-A413-0FE619DF9ACF", "versionEndExcluding": "16.0.6", "versionStartIncluding": "16.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8D33EB2F-DB0F-40DA-9C1C-4A33856EABDD", "versionEndExcluding": "16.0.6", "versionStartIncluding": "16.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.1.0:*:*:*:community:*:*:*", "matchCriteriaId": "C4071EE0-CDB1-49B9-9B64-1783597A4EC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.1.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5E6C33D0-3B6E-434F-A1B9-5495B1C35308", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub."}], "id": "CVE-2023-3362", "lastModified": "2023-07-20T20:49:23.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-07-13T03:15:10.217", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415131"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve@gitlab.com", "type": "Secondary"}]}