An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1417.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/396720 | Broken Link |
https://hackerone.com/reports/1892200 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2023-04-05 21:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1417
Mitre link : CVE-2023-1417
CVE.ORG link : CVE-2023-1417
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-863
Incorrect Authorization