CVE-2023-5117

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Dec 25, 2024
CWE ID 213

Summary

CVE-2023-5117 affects GitLab CE/EE versions prior to 17.6.0. Files uploaded to comments on confidential issues and epics of public projects can be accessed without authentication by anyone who uses the direct link to the uploaded file's URL. This can expose sensitive information, because users may not be aware that these files were publicly accessible. Exploitation requires no special privileges or authentication, which makes the issue a potential risk for any user interacting with the affected GitLab projects. Organizations using GitLab should update to the latest version as soon as possible to mitigate the risk.
