CVE-2023-3511

🗓️ 15 Dec 2023 15:31:04Reported by GitLabType

Issue in GitLab EE, versions 8.17 - 16.6.2, allowing auditors to fork and submit merge requests to private projects

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2023-3511	11 Jan 202415:52	–	circl
CNNVD	GitLab Security Breach	15 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-3511 Incorrect Authorization in GitLab	15 Dec 202315:31	–	cvelist
Debian CVE	CVE-2023-3511	15 Dec 202315:31	–	debiancve
FreeBSD	Gitlab -- vulnerabilities	13 Dec 202300:00	–	freebsd
EUVD	EUVD-2023-44170	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (e2fb85ce-9a3c-11ee-af26-001b217b3468)	14 Dec 202300:00	–	nessus
Tenable Nessus	GitLab 8.17 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-3511)	14 Dec 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-3511	27 Aug 202500:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition	15 Dec 202300:00	–	ncsc

NVD

Vulners

Node

gitlab gitlabRange8.17–16.4.4enterprise

gitlab gitlabRange16.5–16.5.4enterprise

gitlab gitlabRange16.6–16.6.2enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "8.17",
        "status": "affected",
        "lessThan": "16.4.4",
        "versionType": "semver"
      },
      {
        "version": "16.5",
        "status": "affected",
        "lessThan": "16.5.4",
        "versionType": "semver"
      },
      {
        "version": "16.6",
        "status": "affected",
        "lessThan": "16.6.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/416961
hackerone	www.hackerone.com/reports/2046752

20 Nov 2025 04:08Current

3.8Low risk

Vulners AI Score3.8

CVSS 3.12 - 3.5

EPSS0.0002

CWE-863