Unauthorized File Access Vulnerability in GitLab Products
CVE-2023-5117

3.7 LOW

Key Information:

Vendor

GitLab

Status
Vendor
CVE Published:
25 December 2024

What is CVE-2023-5117?

An unauthorized access vulnerability was discovered in GitLab CE/EE versions before 17.6.0 that affects how files are handled in confidential issues and epics of public projects. Files uploaded to comments on those issues and epics can be accessed through a direct link without authentication, so users may inadvertently expose sensitive files. This raises significant privacy and data security concerns, particularly in collaborative environments where confidentiality is paramount. Users are urged to update to the latest version to mitigate potential risks.

Affected Version(s)

GitLab 0 < 17.6.0

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was reported internally by team member [Greg Myers](https://gitlab.com/greg).