CVE-2023-4658

🗓️ 01 Dec 2023 07:01:58Reported by GitLabType

An issue in GitLab EE from 8.13 to 16.6.1 allows abuse of `Allowed to merge` permission by guest user

Reporter	Title	Published	Views	Family All 19
FreeBSD	Gitlab -- Vulnerabilities	30 Nov 202300:00	–	freebsd
FreeBSD	Gitlab -- vulnerabilities	28 Sep 202300:00	–	freebsd
Circl	CVE-2023-4658	21 Dec 202317:42	–	circl
CNNVD	GitLab Security Breach	1 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-4658 Incorrect Authorization in GitLab	1 Dec 202307:01	–	cvelist
Debian CVE	CVE-2023-4658	1 Dec 202307:01	–	debiancve
EUVD	EUVD-2023-54510	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- Vulnerabilities (3b14b2b4-9014-11ee-98b3-001b217b3468)	1 Dec 202300:00	–	nessus
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (6e0ebb4a-5e75-11ee-a365-001b217b3468)	29 Sep 202300:00	–	nessus
Tenable Nessus	GitLab 8.13 < 16.4.3 / 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-4658)	29 Sep 202300:00	–	nessus

NVD

Vulners

Node

gitlab gitlabRange8.13.0–16.4.3enterprise

gitlab gitlabRange16.5.0–16.5.3enterprise

gitlab gitlabMatch16.6.0enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "8.13",
        "status": "affected",
        "lessThan": "16.4.3",
        "versionType": "semver"
      },
      {
        "version": "16.5",
        "status": "affected",
        "lessThan": "16.5.3",
        "versionType": "semver"
      },
      {
        "version": "16.6",
        "status": "affected",
        "lessThan": "16.6.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2104540
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/423835

26 Apr 2026 04:06Current

3.7Low risk

Vulners AI Score3.7

CVSS 3.13.1

EPSS0.00055

CWE-863

gitlab ee cve-2023-4658 security vulnerability permission abuse guest user