CVE-2023-5117
LOWDescription
An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gitlab | gitlab |
| gitlab | gitlab |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2023-5117? +
How severe is CVE-2023-5117? +
What products are affected by CVE-2023-5117? +
How do I check if I'm vulnerable to CVE-2023-5117? +
Related Vulnerabilities
Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by …
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not …
Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user …
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access …
IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.
The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe …