{"api_version":"1","generated_at":"2026-04-21T20:53:20+00:00","cve":"CVE-2023-4630","urls":{"html":"https://cve.report/CVE-2023-4630","api":"https://cve.report/api/cve/CVE-2023-4630.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-4630","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-4630"},"summary":{"title":"CVE-2023-4630","description":"An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.","state":"PUBLIC","assigner":"cve@gitlab.com","published_at":"2023-09-11 14:15:00","updated_at":"2023-09-13 16:50:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/415117","name":"https://gitlab.com/gitlab-org/gitlab/-/issues/415117","refsource":"MISC","tags":[],"title":"Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/","name":"https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/","refsource":"MISC","tags":["Vendor Advisory"],"title":"GitLab Security Release: 16.3.1, 16.2.5, and 16.1.5\n|\nGitLab","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-4630","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4630","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"4630","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"community","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4630","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4630","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"16.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"community","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4630","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"16.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-4630","qid":"379587","title":"Gitlab Multiple Vulnerabilities (prior to gitlab- 16.3.1, 16.2.5, 16.1.5)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-4630","ASSIGNER":"cve@gitlab.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"GitLab","product":{"product_data":[{"product_name":"GitLab","version":{"version_data":[{"version_affected":"<","version_name":"10.6","version_value":"16.1.5"},{"version_affected":"<","version_name":"16.2","version_value":"16.2.5"},{"version_affected":"<","version_name":"16.3","version_value":"16.3.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/415117","refsource":"MISC","name":"https://gitlab.com/gitlab-org/gitlab/-/issues/415117"}]},"solution":[{"lang":"en","value":"Upgrade to versions 16.1.5, 16.2.5, 16.3.1 or above."}],"credits":[{"lang":"en","value":"This vulnerability was found internally by a GitLab team member Rodrigo Tomonari."}],"impact":{"cvss":[{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5,"baseSeverity":"MEDIUM"}]}},"nvd":{"publishedDate":"2023-09-11 14:15:00","lastModifiedDate":"2023-09-13 16:50:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"16.2.0","versionEndExcluding":"16.2.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"16.2.0","versionEndExcluding":"16.2.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"10.6.0","versionEndExcluding":"16.1.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"10.6.0","versionEndExcluding":"16.1.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}