CVE-2023-5117

Summary

An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab0 < 17.6.0affected

Weaknesses

  • CWE-213: CWE-213: Exposure of Sensitive Information Due to Incompatible Policies

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References