CVE-2023-3115

An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*

History

03 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-284 CWE-286

02 Oct 2023, 19:46

Type Values Removed Values Added
References (MISC) https://hackerone.com/reports/2004158 - (MISC) https://hackerone.com/reports/2004158 - Permissions Required
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/414367 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/414367 - Broken Link
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
First Time Gitlab
Gitlab gitlab
CWE NVD-CWE-Other

29 Sep 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-29 07:15

Updated : 2024-10-03 07:15


NVD link : CVE-2023-3115

Mitre link : CVE-2023-3115

CVE.ORG link : CVE-2023-3115


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-Other CWE-286

Incorrect User Management