PT-2023-16536 · Gitlab · Gitlab Ce/Ee+1

Albatraoz

Publicado

2023-05-03

Atualizado

2024-03-06

CVE-2023-0805

CVSS v3.1

4.9

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions GitLab EE versions 15.2 through 15.9.5 GitLab EE versions 15.10 through 15.10.4 GitLab EE versions 15.11 through 15.11.0

Description An issue has been discovered in GitLab EE where a malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.

Recommendations For versions 15.2 through 15.9.5, update to version 15.9.6 or later. For versions 15.10 through 15.10.4, update to version 15.10.5 or later. For versions 15.11 through 15.11.0, update to version 15.11.1 or later.

Exploit

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

BIT-GITLAB-2023-0805

CVE-2023-0805

Produtos afetados

Gitlab

Gitlab Ce/Ee

PT-2023-16536 · Gitlab · Gitlab Ce/Ee+1

CVE-2023-0805

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9