CVE-2023-1098

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-1098

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1098.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-1098

Aliases

BIT-gitlab-2023-1098

Related

UBUNTU-CVE-2023-1098

Published

2023-04-05T20:15:07Z

Modified

2024-10-11T08:28:52Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

cb71fca38c3de0c212685f97a46ee8426f63d301

Fixed

b46679ba4f4f80f63501a36d605e4691090384f4