CVE-2023-6840

Published: Feb 7, 2024Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

Exploitability: 1.2 / Impact: 5.5

Source: NVD

Description

An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.

Affected (3)

Products: Gitlab: Gitlab

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 16.4.0 to 16.6.7
Gitlab Gitlab	From 16.7.0 to 16.7.5
Gitlab Gitlab	From 16.8.0 to 16.8.2

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://gitlab.com/gitlab-org/gitlab/-/issues/435500

Source: cve@gitlab.com

Issue TrackingPermissions Required

https://hackerone.com/reports/2280292

Source: cve@gitlab.com

Permissions RequiredTechnical Description

https://gitlab.com/gitlab-org/gitlab/-/issues/435500

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions Required

https://hackerone.com/reports/2280292

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredTechnical Description

Timeline

No history available yet.