An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/416497 | Broken Link Vendor Advisory |
https://hackerone.com/reports/2036500 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Dec 2023, 18:31
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CWE | NVD-CWE-noinfo | |
References | () https://hackerone.com/reports/2036500 - Permissions Required, Third Party Advisory | |
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/416497 - Broken Link, Vendor Advisory | |
First Time |
Gitlab
Gitlab gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:* |
01 Dec 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-01 07:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-3443
Mitre link : CVE-2023-3443
CVE.ORG link : CVE-2023-3443
JSON object : View
Products Affected
gitlab
- gitlab
CWE