CVE-2023-3484

Published: Jul 21, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.

Affected (3)

Products: Gitlab: Gitlab

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 12.8.0 to 15.11.11
Gitlab Gitlab	From 16.0.0 to 16.0.7
Gitlab Gitlab	From 16.1.0 to 16.1.2

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (5)

https://gitlab.com/gitlab-org/gitlab/-/issues/416773

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/2035687

Source: cve@gitlab.com

Permissions Required

https://about.gitlab.com/releases/2023/07/05/security-release-gitlab-16-1-2-released/

Source: nvd@nist.gov

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/416773

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/2035687

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.