An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.
History
Wed, 18 Sep 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-11-06T12:08:54.970Z
Updated: 2024-09-18T04:04:40.186Z
Reserved: 2023-06-26T10:17:01.488Z
Link: CVE-2023-3399
Vulnrichment
Updated: 2024-08-02T06:55:03.360Z
NVD
Status: Analyzed
Published: 2023-11-06T13:15:09.503
Modified: 2023-11-14T18:01:40.643
Link: CVE-2023-3399
Redhat
No data.