An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/416961 | Broken Link |
https://hackerone.com/reports/2046752 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
19 Dec 2023, 21:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.5 |
First Time |
Gitlab
Gitlab gitlab |
|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | |
Summary |
|
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/416961 - Broken Link | |
References | () https://hackerone.com/reports/2046752 - Permissions Required |
15 Dec 2023, 16:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-15 16:15
Updated : 2023-12-19 21:14
NVD link : CVE-2023-3511
Mitre link : CVE-2023-3511
CVE.ORG link : CVE-2023-3511
JSON object : View
Products Affected
gitlab
- gitlab
CWE