Vulnerability Database

290,922

Total vulnerabilities in the database

CVE-2023-0989

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.

  • Published: Sep 29, 2023
  • Updated: Oct 3, 2023
  • CVE: CVE-2023-0989
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.7
  • AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
gitlab / gitlab 16.3.0 16.3.5
gitlab / gitlab 16.4.0 16.4.0.x
gitlab / gitlab 13.11 16.2.8