Lucene search

K

[email protected]NVD:CVE-2023-1098

HistoryApr 05, 2023 - 8:15 p.m.

CVE-2023-1098

2023-04-0520:15:07

[email protected]

web.nvd.nist.gov

information disclosure

gitlab

admin

repository mirror configuration

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.

Affected configurations

NVD

Node

gitlabgitlabRange11.5.0–15.8.5community

OR

gitlabgitlabRange11.5.0–15.8.5enterprise

OR

gitlabgitlabRange15.9.0–15.9.4community

OR

gitlabgitlabRange15.9.0–15.9.4enterprise

OR

gitlabgitlabMatch15.10.0community

OR

gitlabgitlabMatch15.10.0enterprise

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json

gitlab.com/gitlab-org/gitlab/-/issues/383745

hackerone.com/reports/1784294

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

Related for NVD:CVE-2023-1098

cve1 veracode1 osv2 prion1 cvelist1 nessus3 debiancve1 freebsd1