CVE-2023-3399

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Nov 6, 2023
Updated: Nov 14, 2023
CWE ID 79

Summary

CVE-2023-3399 is a vulnerability affecting GitLab Enterprise Edition (EE). Versions 11.6 before 16.3.6, 16.4 before 16.4.2, and 16.5 before 16.5.1 are all impacted. The issue allows unauthorized project or group members to access CI/CD variables through custom project templates. This could potentially expose sensitive information. GitLab urges users on the affected versions to upgrade to the latest patches to address this security concern.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share