Lucene search
Veracode Vulnerability DatabaseVERACODE:44840HistoryDec 26, 2023 - 1:48 p.m.
Improper Authorization
2023-12-2613:48:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
gitlab
improper authorization
public project
release descriptions
software
vulnerability
unauthorized users
atom endpoint
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.1%
Gitlab is vulnerable to Improper Authorization. It is possible for unauthorized users to view public project release descriptions via atom endpoint.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gitlab:sid | eq | 13.4.7-2 | |
| gitlab:sid | eq | 13.3.9-1 | |
| gitlab:sid | eq | 13.4.7-2 | |
| gitlab:sid | eq | 13.3.9-1 |
Related
nvd
nvd
CVE-2023-3949
2023-12-01 07:15:08
debiancve
debiancve
CVE-2023-3949
2023-12-01 07:15:08
cve
cve
CVE-2023-3949
2023-12-01 07:15:08
cvelist
cvelist
osv
osv
BIT-gitlab-2023-3949
2024-03-06 11:01:45
CVE-2023-3949
2023-12-01 07:15:08
nessus
nessus
GitLab 11.3 < 16.4.3 / 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-3949)
2023-12-07 00:00:00
FreeBSD : Gitlab -- Vulnerabilities (3b14b2b4-9014-11ee-98b3-001b217b3468)
2023-12-01 00:00:00
prion
prion
Design/Logic Flaw
2023-12-01 07:15:00
ubuntucve
ubuntucve
CVE-2023-3949
2023-12-01 00:00:00
freebsd
freebsd
Gitlab -- Vulnerabilities
2023-11-30 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.1%
Related for VERACODE:44840