An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/414367 | Broken Link |
https://hackerone.com/reports/2004158 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-286 |
02 Oct 2023, 19:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://hackerone.com/reports/2004158 - Permissions Required | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/414367 - Broken Link | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CPE | cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
First Time |
Gitlab
Gitlab gitlab |
|
CWE | NVD-CWE-Other |
29 Sep 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-29 07:15
Updated : 2024-10-03 07:15
NVD link : CVE-2023-3115
Mitre link : CVE-2023-3115
CVE.ORG link : CVE-2023-3115
JSON object : View
Products Affected
gitlab
- gitlab
CWE