CVE-2023-4379

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 08:34

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/gitlab/-/issues/415496 - Issue Tracking () https://gitlab.com/gitlab-org/gitlab/-/issues/415496 - Issue Tracking
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 8.1

03 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-284 CWE-863

16 Nov 2023, 19:24

Type Values Removed Values Added
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*
First Time Gitlab
Gitlab gitlab
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://gitlab.com/gitlab-org/gitlab/-/issues/415496 - () https://gitlab.com/gitlab-org/gitlab/-/issues/415496 - Issue Tracking

09 Nov 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-09 21:15

Updated : 2024-11-21 08:34


NVD link : CVE-2023-4379

Mitre link : CVE-2023-4379

CVE.ORG link : CVE-2023-4379


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-863

Incorrect Authorization

NVD-CWE-noinfo