N/A

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

N/A

GitLab Community Edition和GitLab Enterprise Edition 信息泄露漏洞

GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是美国GitLab公司的一种社区版 GitLab 。 GitLab Community Edition (CE) and Enterprise Edition (EE)存在信息泄露漏洞，该漏洞是由于错误消息中缺少过滤而存在的。当 CI/CD 配置中的 include 指令失败时，远程用户可以获得对敏感信息的未经授权的访问。该漏洞允许远程攻击者获得对潜在敏感信息的访问。

N/A

N/A