CVE-2023-38503: Incorrect Permission Checking for GraphQL Subscriptions
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Incorrect permission checking for GraphQL subscriptions allows access to information you should not have access to when the permissions rely on $CURRENT_USER for filtering.