CVE-2023-3115

2023-09-2907:15:13

Google

osv.dev

gitlab ee

unauthorized access

single sign on

public repositories

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.

CPENameOperatorVersion
gitlabeq10.5.0.pre
gitlabeq10.9.0.pre
gitlabeq11-10-119f9509d50-6d7537235-ee
gitlabeq7.4.0-ee
gitlabeq6.0.0-ee.rc1
gitlabeq9.3.0.pre
gitlabeq16.2.1-ee
gitlabeq3.0.3
gitlabeq7.4.3-ee
gitlabeq2.3.0

Name	Operator	Version
gitlab	eq	10.5.0.pre
gitlab	eq	10.9.0.pre
gitlab	eq	11-10-119f9509d50-6d7537235-ee
gitlab	eq	7.4.0-ee
gitlab	eq	6.0.0-ee.rc1
gitlab	eq	9.3.0.pre
gitlab	eq	16.2.1-ee
gitlab	eq	3.0.3
gitlab	eq	7.4.3-ee
gitlab	eq	2.3.0