Lucene search

Ubuntu.comUB:CVE-2023-4895

HistoryFeb 22, 2024 - 12:00 a.m.

CVE-2023-4895

2024-02-2200:00:00

ubuntu.com

cve-2023-4895

gitlab ee

version 12.0 to 16.7.6

version 16.8 to 16.8.3

version 16.9 to 16.9.1

environment details

unix

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

An issue has been discovered in GitLab EE affecting all versions starting
from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all
versions starting from 16.9 before 16.9.1. This vulnerability allows for
bypassing the ‘group ip restriction’ settings to access environment details
of projects

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

gitlab.com/gitlab-org/gitlab/-/issues/424766

hackerone.com/reports/2134787

launchpad.net/bugs/cve/CVE-2023-4895

nvd.nist.gov/vuln/detail/CVE-2023-4895

security-tracker.debian.org/tracker/CVE-2023-4895

www.cve.org/CVERecord?id=CVE-2023-4895

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for UB:CVE-2023-4895