An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/417481 | Broken Link |
https://hackerone.com/reports/2058121 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
03 Oct 2023, 15:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/417481 - Broken Link | |
References | (MISC) https://hackerone.com/reports/2058121 - Permissions Required | |
CPE | cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* |
|
CWE | CWE-345 | |
First Time |
Gitlab
Gitlab gitlab |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
29 Sep 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-29 07:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-3920
Mitre link : CVE-2023-3920
CVE.ORG link : CVE-2023-3920
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-345
Insufficient Verification of Data Authenticity