VDB
CVE-2023-4378
CVE-2023-4378
PUBLISHED
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365.
EPSS 0.14% · 34.6th percentile
Risk Scores
EPSS Score
0.14%
34.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 11.8.0, 16.2.0, 16.3.0 |
| Bitnami | gitlab | 16.2.0, 16.3.0, 11.8.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-4378 (circl-sighting)
- CIRCL seen: CVE-2023-4378 (circl-sighting)
- GitLab Issue #422134 (circl)
- https://hackerone.com/reports/2104591 (osv)
Timeline
- Aug 31, 2023 CVE Published
- Sep 1, 2023 PoC Published
- Sep 2, 2023 EPSS Score
- Sep 3, 2023 CVE Updated
- Oct 5, 2023 EPSS Score
- Nov 7, 2023 EPSS Score
- Dec 9, 2023 EPSS Score
- Jan 11, 2024 EPSS Score
- Feb 13, 2024 EPSS Score
- Mar 17, 2024 EPSS Score
- Apr 18, 2024 EPSS Score
- May 21, 2024 EPSS Score