An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1071.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/385434 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
12 Apr 2023, 19:23
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 | |
First Time |
Gitlab
Gitlab gitlab |
|
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/385434 - Broken Link | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1071.json - Vendor Advisory | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:15.10.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:15.10.0:*:*:*:community:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
05 Apr 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-05 21:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-1071
Mitre link : CVE-2023-1071
CVE.ORG link : CVE-2023-1071
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-863
Incorrect Authorization