Vulnerability in Gitlab

CVE-2023-3399

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or…

EPSS: 0.005 (36.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N.

Affected products

  • Gitlab — versions 16.4, 11.6, 16.5

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-3399?
CVE-2023-3399 is a high-severity vulnerability in Gitlab, classified under Insertion of Sensitive Information into Sent Data. CVSS score: 8.5/10. Published 2023-11-06.
How severe is CVE-2023-3399?
High severity. CVSS v3 base score is 8.5 out of 10.