Lucene search

Veracode Vulnerability DatabaseVERACODE:42171

HistoryAug 06, 2023 - 6:19 a.m.

Information Disclosure

2023-08-0606:19:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab information disclosure repository vulnerability admin password

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

56.8%

JSON

gitlab is vulnerable to Information Disclosure. This allows an admin to leak passwords through a repository mirror configuration.

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json

gitlab.com/gitlab-org/gitlab/-/issues/383745

hackerone.com/reports/1784294

security-tracker.debian.org/tracker/CVE-2023-1098

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

56.8%

JSON

Related for VERACODE:42171