An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/406803 | Issue Tracking Vendor Advisory |
https://hackerone.com/reports/1928709 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Oct 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/406803 - Issue Tracking, Vendor Advisory | |
References | () https://hackerone.com/reports/1928709 - Permissions Required, Third Party Advisory |
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 |
20 Jul 2023, 20:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
References | (MISC) https://hackerone.com/reports/1928709 - Third Party Advisory | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/406803 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-74 |
13 Jul 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 03:15
Updated : 2024-10-08 19:16
NVD link : CVE-2023-3444
Mitre link : CVE-2023-3444
CVE.ORG link : CVE-2023-3444
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-863
Incorrect Authorization