CVE-2023-4378

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.8 through 16.1.4 GitLab CE/EE versions 16.2 through 16.2.4 GitLab CE/EE versions 16.3 through 16.3.0

Description An issue has been discovered that allows a malicious Maintainer to leak the sentry token under specific circumstances by changing the configured URL in the Sentry error tracking settings page. This issue is a result of an incomplete fix for a previous problem.

Recommendations For GitLab CE/EE versions 11.8 through 16.1.4, update to version 16.1.5 or later. For GitLab CE/EE versions 16.2 through 16.2.4, update to version 16.2.5 or later. For GitLab CE/EE versions 16.3 through 16.3.0, update to version 16.3.1 or later. As a temporary workaround, consider restricting access to the Sentry error tracking settings page to minimize the risk of exploitation.