CVE-2023-0319

Published: Apr 5, 2023Modified: Feb 11, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 13.6.0 to 15.8.5
Gitlab Gitlab	From 15.9.0 to 15.9.4
Gitlab Gitlab	From 13.6.0 to 15.8.5
Gitlab Gitlab	From 15.9.0 to 15.9.4
Gitlab Gitlab	Version 15.10.0
Gitlab Gitlab	Version 15.10.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0319.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/388096

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/1817586

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0319.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/388096

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/1817586

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.