CVE-2023-0989

MEDIUM Year: 2023
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-282
View all →

Vulnerability Description

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.

Related Vulnerabilities

CVE-2024-13249

MEDIUM
CVSS:5.4(Medium)

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1....

CWE-2822024

CVE-2024-43176

MEDIUM
CVSS:5.4(Medium)

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.

CWE-2822024

CVE-2020-10632

MEDIUM
CVSS:5.3(Medium)

Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an un...

CWE-2822020

CVE-2024-13246

MEDIUM
CVSS:5.3(Medium)

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2.

CWE-2822024

CVE-2025-32946

MEDIUM
CVSS:5.3(Medium)

This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performe...

CWE-2822025

CVE-2024-47816

MEDIUM
CVSS:6.4(Medium)

ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki ha...

CWE-2822024