PT-2023-24406 · Gitlab · Gitlab Ce/Ee+1

Rodrigo Tomonari

Published

2023-07-13

Updated

2025-03-20

CVE-2023-3362

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.0 through 16.0.5 GitLab CE/EE version 16.1.0

Description An information disclosure issue in GitLab CE/EE allows unauthenticated actors to access the import error information if a project was imported from GitHub.

Recommendations For GitLab CE/EE versions 16.0 through 16.0.5, update to version 16.0.6 or later. For GitLab CE/EE version 16.1.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to project import error information until a patch is available.

Exploit

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

BIT-GITLAB-2023-3362

CVE-2023-3362

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2023-24406 · Gitlab · Gitlab Ce/Ee+1

CVE-2023-3362

Weakness Enumeration

Related Identifiers

Affected Products

References · 12