CVE-2023-1098

Description

An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.

How to fix CVE-2023-1098

To remediate CVE-2023-1098, upgrade the affected package to a fixed version below.

Bitnami/gitlab—upgrade to 15.8.5 or later

Is CVE-2023-1098 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 11.5.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

References (4)

WEBgitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json
WEBgitlab.com/gitlab-org/gitlab/-/issues/383745
WEBhackerone.com/reports/1784294
WEBnvd.nist.gov/vuln/detail/CVE-2023-1098