Veracode Vulnerability Database: VERACODE:42192
Aug 06, 2023 - 7:19 a.m.

Information Disclosure

2023-08-06 07:19:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
information disclosure
gitlab
session management

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

EPSS: 0.003
Percentile: 71.6%

GitLab is vulnerable to information disclosure. The vulnerability occurs when a user logs in to GitLab and then leaves the session open. If an attacker can then obtain the user's session token, they can use it to impersonate the user and access their account.
