Site icon API Security Blog

GitLab 15.5 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2023-0223)

The version of GitLab installed on the remote host is 15.5 prior to 15.7.8, 15.8.4, 15.9.2. It is, therefore, affected by a vulnerability as referenced in the SECURITY-RELEASE-GITLAB-15-9-2-RELEASED advisory.

– An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, 5.3). It is now mitigated in the latest release and is assigned CVE-2023-0223. (CVE-2023-0223)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More

Exit mobile version