7 matches found
CVE-2023-4658
An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...
CVE-2023-4658 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...
CVE-2023-4658
CVE-2023-4658 refers to an incorrect authorization in GitLab EE where a guest user could exploit a group-granted Allowed to merge permission. Affects GitLab EE versions from 8.13 up to, but not including, 16.4.3; 16.5 up to 16.5.3; and 16.6 up to 16.6.1, per multiple sources in the connected docu...
CVE-2023-4658
Removed by vendor...
CVE-2023-4658
An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...
FreeBSD : Gitlab -- Vulnerabilities (3b14b2b4-9014-11ee-98b3-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3b14b2b4-9014-11ee-98b3-001b217b3468 advisory. - An issue has been discovered in GitLab EE affecting all versions starting from X.Y before...
GitLab 8.13 < 16.4.3 / 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-4658)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was...