CVE-2023-3399

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Nov 6, 2023

Updated: Nov 14, 2023

CWE ID 79

Summary

CVE-2023-3399 is a vulnerability affecting GitLab Enterprise Edition (EE). Versions 11.6 before 16.3.6, 16.4 before 16.4.2, and 16.5 before 16.5.1 are all impacted. The issue allows unauthorized project or group members to access CI/CD variables through custom project templates. This could potentially expose sensitive information. GitLab urges users on the affected versions to upgrade to the latest patches to address this security concern.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SAP SE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rnom-D
https://www.cve.org/CVERecord?id=CVE-2023-3399
https://nvd.nist.gov/vuln/detail/CVE-2023-3399

Back to Vulnerability Database