A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/418115 | Broken Link |
https://hackerone.com/reports/2040822 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
03 Oct 2023, 15:31
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://hackerone.com/reports/2040822 - Permissions Required | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/418115 - Broken Link | |
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Gitlab
Gitlab gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:* |
29 Sep 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-29 07:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-3914
Mitre link : CVE-2023-3914
CVE.ORG link : CVE-2023-3914
JSON object : View
Products Affected
gitlab
- gitlab
CWE