An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.

Related CVEs

CVE-2023-2069

Key Information

GHSA ID

GHSA-6vqj-g5rm-3gp4

Published

May 3, 2023 9:30 PM

Last Modified

April 4, 2024 3:47 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 16, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.