CVE-2023-0483

Name of the Vulnerable Software and Affected Versions GitLab versions 12.1 through 15.7.8 GitLab versions 15.8 through 15.8.4 GitLab versions 15.9 through 15.9.2

Description An issue has been discovered in GitLab that allows a project maintainer to extract a Datadog integration API key by modifying the site. This issue is related to the lack of protection for service data, which can be exploited by a remote attacker to impact the confidentiality and integrity of protected information.

Recommendations For GitLab versions 12.1 through 15.7.8, update to version 15.7.8 or later. For GitLab versions 15.8 through 15.8.4, update to version 15.8.4 or later. For GitLab versions 15.9 through 15.9.2, update to version 15.9.2 or later. As a temporary workaround, consider restricting access to the Datadog integration API key until a patch is available.