CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-5009 – Improper Access Control in GitLab
https://notcve.org/view.php?id=CVE-2023-5009
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. Se ha descubierto un problema en GitLab EE que afecta a todas las versiones a partir de 13.12 antes de 16.2.7, todas las versiones a partir de 16.3 antes de 16.3.4. • https://gitlab.com/gitlab-org/gitlab/-/issues/425304 https://hackerone.com/reports/2147126 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4630 – Exposure of Sensitive Information to an Unauthorized Actor in GitLab
https://notcve.org/view.php?id=CVE-2023-4630
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports. Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 10.6 anteriores a 16.1.5, todas las versiones desde 16.2 anteriores a 16.2.5, todas las versiones desde 16.3 anteriores a 16.3.1 en el que cualquier usuario puede leer información limitada sobre las importaciones de cualquier proyecto. • https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released https://gitlab.com/gitlab-org/gitlab/-/issues/415117 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-4378 – Exposure of Sensitive Information to an Unauthorized Actor in GitLab
https://notcve.org/view.php?id=CVE-2023-4378
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365. • https://gitlab.com/gitlab-org/gitlab/-/issues/422134 https://hackerone.com/reports/2104591 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4647 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2023-4647
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. • https://gitlab.com/gitlab-org/gitlab/-/issues/414502 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-4343 – Exposure of Sensitive Information to an Unauthorized Actor in GitLab
https://notcve.org/view.php?id=CVE-2022-4343
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile. Se ha descubierto un problema en GitLab EE que afecta a todas las versiones a partir de 13.12 y antes de 16.1.5, todas las versiones a partir de 16.2 y antes de 16.2.5, todas las versiones a partir de 16.3 y antes de 16.3.1, en el que un miembro del proyecto puede filtrar las credenciales almacenadas del perfil del sitio. • https://gitlab.com/gitlab-org/gitlab/-/issues/385124 https://hackerone.com/reports/1767797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •