| |
Vulnerability CVE-2023-0989
Published: 2023-09-29
| Description: |
An information disclosure issue in GitLab CE/EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration. |
References: |
https://gitlab.com/gitlab-org/gitlab/-/issues/417275
https://hackerone.com/reports/1875515
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
