nvd-json-data-feeds/CVE-2023/CVE-2023-39xx/CVE-2023-3949.json

{
  "id": "CVE-2023-3949",
  "sourceIdentifier": "cve@gitlab.com",
  "published": "2023-12-01T07:15:08.973",
  "lastModified": "2024-10-03T07:15:16.393",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 11.3 anteriores a 16.4.3, todas las versiones desde 16.5 anteriores a 16.5.3, todas las versiones desde 16.6 anteriores a 16.6.1. Era posible que usuarios no autorizados vieran las descripciones de la versi\u00f3n de un proyecto p\u00fablico a trav\u00e9s de un endpoint Atom cuando el acceso a la versi\u00f3n p\u00fablica estaba configurado solo para los miembros del proyecto."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      },
      {
        "source": "cve@gitlab.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    },
    {
      "source": "cve@gitlab.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-201"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "versionStartIncluding": "11.3.0",
              "versionEndExcluding": "16.4.3",
              "matchCriteriaId": "EAC69A79-4900-45F1-A299-E449ED2D0057"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "11.3.0",
              "versionEndExcluding": "16.4.3",
              "matchCriteriaId": "79FABBE9-AC1C-46A9-8337-C2352E29B3C3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "versionStartIncluding": "16.5.0",
              "versionEndExcluding": "16.5.3",
              "matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "16.5.0",
              "versionEndExcluding": "16.5.3",
              "matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*",
              "matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419664",
      "source": "cve@gitlab.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://hackerone.com/reports/2079374",
      "source": "cve@gitlab.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-12-01T09:00:19.937917+00:00 2023-12-01 09:00:23 +00:00			`{`
			`"id": "CVE-2023-3949",`
			`"sourceIdentifier": "cve@gitlab.com",`
			`"published": "2023-12-01T07:15:08.973",`
Auto-Update: 2024-10-03T08:00:18.801776+00:00 2024-10-03 08:03:17 +00:00			`"lastModified": "2024-10-03T07:15:16.393",`
			`"vulnStatus": "Modified",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2023-12-01T09:00:19.937917+00:00 2023-12-01 09:00:23 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members."`
Auto-Update: 2023-12-01T15:00:49.539629+00:00 2023-12-01 15:00:53 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 11.3 anteriores a 16.4.3, todas las versiones desde 16.5 anteriores a 16.5.3, todas las versiones desde 16.6 anteriores a 16.6.1. Era posible que usuarios no autorizados vieran las descripciones de la versi\u00f3n de un proyecto p\u00fablico a trav\u00e9s de un endpoint Atom cuando el acceso a la versi\u00f3n p\u00fablica estaba configurado solo para los miembros del proyecto."`
Auto-Update: 2023-12-01T09:00:19.937917+00:00 2023-12-01 09:00:23 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
Auto-Update: 2023-12-06T19:00:18.767547+00:00 2023-12-06 19:00:22 +00:00			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 1.4`
			`},`
Auto-Update: 2023-12-01T09:00:19.937917+00:00 2023-12-01 09:00:23 +00:00			`{`
			`"source": "cve@gitlab.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 1.4`
			`}`
			`]`
			`},`
			`"weaknesses": [`
Auto-Update: 2023-12-06T19:00:18.767547+00:00 2023-12-06 19:00:22 +00:00			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "NVD-CWE-noinfo"`
			`}`
			`]`
			`},`
Auto-Update: 2023-12-01T09:00:19.937917+00:00 2023-12-01 09:00:23 +00:00			`{`
			`"source": "cve@gitlab.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
Auto-Update: 2024-10-03T08:00:18.801776+00:00 2024-10-03 08:03:17 +00:00			`"value": "CWE-201"`
Auto-Update: 2023-12-01T09:00:19.937917+00:00 2023-12-01 09:00:23 +00:00			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-12-06T19:00:18.767547+00:00 2023-12-06 19:00:22 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::community:::*",`
			`"versionStartIncluding": "11.3.0",`
			`"versionEndExcluding": "16.4.3",`
			`"matchCriteriaId": "EAC69A79-4900-45F1-A299-E449ED2D0057"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::enterprise:::*",`
			`"versionStartIncluding": "11.3.0",`
			`"versionEndExcluding": "16.4.3",`
			`"matchCriteriaId": "79FABBE9-AC1C-46A9-8337-C2352E29B3C3"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::community:::*",`
			`"versionStartIncluding": "16.5.0",`
			`"versionEndExcluding": "16.5.3",`
			`"matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:::::enterprise:::*",`
			`"versionStartIncluding": "16.5.0",`
			`"versionEndExcluding": "16.5.3",`
			`"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0::::community:::",`
			`"matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0::::enterprise:::",`
			`"matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-12-01T09:00:19.937917+00:00 2023-12-01 09:00:23 +00:00			`"references": [`
			`{`
			`"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419664",`
Auto-Update: 2023-12-06T19:00:18.767547+00:00 2023-12-06 19:00:22 +00:00			`"source": "cve@gitlab.com",`
			`"tags": [`
			`"Broken Link",`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-12-01T09:00:19.937917+00:00 2023-12-01 09:00:23 +00:00			`},`
			`{`
			`"url": "https://hackerone.com/reports/2079374",`
Auto-Update: 2023-12-06T19:00:18.767547+00:00 2023-12-06 19:00:22 +00:00			`"source": "cve@gitlab.com",`
			`"tags": [`
			`"Permissions Required",`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-12-01T09:00:19.937917+00:00 2023-12-01 09:00:23 +00:00			`}`
			`]`
			`}`