CVE-2023-4379

🗓️ 09 Nov 2023 21:01:10Reported by GitLabType

An issue in GitLab EE from 15.3 to 16.4.1 allows unauthorized code owner approval in merge requests

Reporter	Title	Published	Views	Family All 16
FreeBSD	Gitlab -- vulnerabilities	28 Sep 202300:00	–	freebsd
ATTACKERKB	CVE-2023-4379	9 Nov 202321:15	–	attackerkb
CNNVD	GitLab Enterprise Edition Security Vulnerability	9 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-4379 Incorrect Authorization in GitLab	9 Nov 202321:01	–	cvelist
Debian CVE	CVE-2023-4379	9 Nov 202321:01	–	debiancve
EUVD	EUVD-2023-54243	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (6e0ebb4a-5e75-11ee-a365-001b217b3468)	29 Sep 202300:00	–	nessus
Tenable Nessus	GitLab 15.3 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-4379)	29 Sep 202300:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition	29 Sep 202300:00	–	ncsc
NVD	CVE-2023-4379	9 Nov 202321:15	–	nvd

NVD

Vulners

Node

gitlab gitlabRange15.3.0–16.2.8enterprise

gitlab gitlabRange16.3.0–16.3.5enterprise

gitlab gitlabMatch16.4.0enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "15.3",
        "status": "affected",
        "lessThan": "16.2.8",
        "versionType": "semver"
      },
      {
        "version": "16.3",
        "status": "affected",
        "lessThan": "16.3.5",
        "versionType": "semver"
      },
      {
        "version": "16.4",
        "status": "affected",
        "lessThan": "16.4.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/415496

02 Jun 2026 04:13Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5 - 8.1

EPSS0.00013

SSVC

CWE-863