CVE Vulnerabilities

CVE-2023-3399

Published: Nov 06, 2023 | Modified: Nov 14, 2023
CVSS 3.x
7.7
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 11.6.0 (including) 12.9.8 (excluding)
Gitlab Gitlab 12.10.0 (including) 12.10.7 (excluding)
Gitlab Gitlab 13.0.0 (including) 13.0.0 (including)
Gitlab Ubuntu upstream *

References