First published: Thu Jul 13 2023
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=16.0.0 <16.0.6 | |
GitLab GitLab | =16.1.0 | |
Upgrade to versions 16.0.6, 16.1.1 or above.
The severity of CVE-2023-3362 is medium with a severity value of 5.3.
CVE-2023-3362 affects all versions of GitLab CE/EE from 16.0 prior to 16.0.6, and version 16.1.0.
CVE-2023-3362 affects users of GitLab CE/EE versions 16.0 prior to 16.0.6 and version 16.1.0.
Unauthenticated actors can exploit CVE-2023-3362 by accessing the import error information of a project that was imported from GitHub.
Yes, a fix for CVE-2023-3362 is available in GitLab CE/EE version 16.0.6 and version 16.1.0.