Vulnerability in Gitlab
CVE-2023-3399
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or…
EPSS: 0.005 (36.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N.
Affected products
- Gitlab — versions 16.4, 11.6, 16.5
Weakness classification (CWE)
References
- cve@gitlab.com (issue-tracking, Broken Link)
- cve@gitlab.com (Permissions Required, technical-description, permissions-required, exploit)
Frequently asked questions
- What is CVE-2023-3399?
- CVE-2023-3399 is a high-severity vulnerability in Gitlab, classified under Insertion of Sensitive Information into Sent Data. CVSS score: 8.5/10. Published 2023-11-06.
- How severe is CVE-2023-3399?
- High severity. CVSS v3 base score is 8.5 out of 10.