6.6 CVE-2023-3441
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.
https://nvd.nist.gov/vuln/detail/CVE-2023-3441
Categories
CWE-213 : Exposure of Sensitive Information Due to Incompatible Policies
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed. Script calls phpinfo() Script calls phpinfo() Script calls phpinfo() Script calls phpinfo() Script calls phpinfo() Product lists DLLs and full pathnames. Telnet protocol allows servers to obtain sensitive environment information from clients. Telnet protocol allows servers to obtain sensitive environment information from clients.
References
cve@gitlab.com
CPE
cpe | start | end |
---|
REMEDIATION
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
POC Github
Url |
---|
No known exploits |
Other Nist (github, ...)
Url |
---|
No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
No entry |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.