An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user.
References
| Link | Resource |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/387531 | Broken Link |
| https://hackerone.com/reports/1818425 | Permissions Required |
| https://gitlab.com/gitlab-org/gitlab/-/issues/387531 | Broken Link |
| https://hackerone.com/reports/1818425 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:36
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gitlab.com/gitlab-org/gitlab/-/issues/387531 - Broken Link | |
| References | () https://hackerone.com/reports/1818425 - Permissions Required | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.5 |
03 Oct 2024, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-863 |
07 Sep 2023, 17:27
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:* |
|
| First Time |
Gitlab gitlab
Gitlab |
|
| CWE | NVD-CWE-Other | |
| References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/387531 - Broken Link | |
| References | (MISC) https://hackerone.com/reports/1818425 - Permissions Required | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
01 Sep 2023, 11:47
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-01 11:15
Updated : 2024-11-21 07:36
NVD link : CVE-2023-0120
Mitre link : CVE-2023-0120
CVE.ORG link : CVE-2023-0120
JSON object : View
Products Affected
gitlab
- gitlab
CWE