CVE-2023-1098

EPSS 0.17%
Veröffentlicht 05.04.2023 20:15:07
Zuletzt bearbeitet 10.02.2025 21:15:14
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditioncommunity Version >= 11.5.0 < 15.8.5

Gitlab ≫ Gitlab SwEditionenterprise Version >= 11.5.0 < 15.8.5

Gitlab ≫ Gitlab SwEditioncommunity Version >= 15.9.0 < 15.9.4

Gitlab ≫ Gitlab SwEditionenterprise Version >= 15.9.0 < 15.9.4

Gitlab ≫ Gitlab Version15.10.0 SwEditioncommunity

Gitlab ≫ Gitlab Version15.10.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.385

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
cve@gitlab.com	5.8	1.3	4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-535 Exposure of Information Through Shell Error Message

A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/383745

Broken Link

https://hackerone.com/reports/1784294

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-1098

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1098

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1098

EUVD