Lucene search

PRIOn knowledge basePRION:CVE-2023-1417

HistoryApr 05, 2023 - 9:15 p.m.

Design/Logic Flaw

2023-04-0521:15:00

PRIOn knowledge base

www.prio-n.com

gitlab

design flaw

logic flaw

security vulnerability

unauthorised access

nvd

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.4%

JSON

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim’s epic in an unrelated group.

CPENameOperatorVersion
gitlabeq15.10.0
gitlabeq15.10.0
gitlabge15.9.0
gitlablt15.9.4
gitlabge15.9.0
gitlablt15.9.4

Name	Operator	Version
gitlab	eq	15.10.0
gitlab	eq	15.10.0
gitlab	ge	15.9.0
gitlab	lt	15.9.4
gitlab	ge	15.9.0
gitlab	lt	15.9.4

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1417.json

gitlab.com/gitlab-org/gitlab/-/issues/396720

hackerone.com/reports/1892200