vulnrichment | GitLab | VULNRICHMENT:CVE-2023-4379
History: Nov 09, 2023 - 9:01 p.m.

CVE-2023-4379 Improper Access Control in GitLab

2023-11-09 21:01:10
CWE-284
GitLab
github.com
2
cve-2023-4379
improper access control
gitlab ee
code owner approval
merge requests
target branch

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

AI Score: 6.5
Confidence: Low

SSVC

Exploitation: poc
Automatable: no
Technical Impact: total

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.
