CVE-2023-3413

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-201
View all →

Vulnerability Description

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members.

Related Vulnerabilities

CVE-2016-10518

HIGH
CVSS:7.5(High)

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a po...

CWE-2012016

CVE-2016-10519

HIGH
CVSS:7.5(High)

A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.

CWE-2012016

CVE-2020-5364

HIGH
CVSS:7.5(High)

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-...

CWE-2012020

CVE-2020-8975

HIGH
CVSS:7.5(High)

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access ...

CWE-2012020

CVE-2023-49261

HIGH
CVSS:7.5(High)

The "tokenKey" value used in user authorization is visible in the HTML source of the login page.

CWE-2012023

CVE-2024-13254

HIGH
CVSS:7.5(High)

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1.

CWE-2012024