Vulnerability Description
An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 11.5.0, < 15.8.5 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/383745Broken Link
- https://hackerone.com/reports/1784294Permissions Required
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/383745Broken Link
- https://hackerone.com/reports/1784294Permissions Required
FAQ
What is CVE-2023-1098?
CVE-2023-1098 is a vulnerability with a CVSS score of 5.8 (MEDIUM). An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions startin...
How severe is CVE-2023-1098?
CVE-2023-1098 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1098?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.