An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/424398 | Broken Link |
https://hackerone.com/reports/2115574 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
18 Jan 2024, 21:18
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
First Time |
Gitlab
Gitlab gitlab |
|
Summary |
|
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/424398 - Broken Link | |
References | () https://hackerone.com/reports/2115574 - Permissions Required | |
CPE | cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
12 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 14:15
Updated : 2024-01-18 21:18
NVD link : CVE-2023-4812
Mitre link : CVE-2023-4812
CVE.ORG link : CVE-2023-4812
JSON object : View
Products Affected
gitlab
- gitlab
CWE