PT-2023-31905 · Gitlab · Gitlab
Thelucion
·
Publicado
2023-09-29
·
Atualizado
2024-10-03
·
CVE-2023-5198
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab versions prior to 16.2.7
GitLab versions 16.3 through 16.3.5
GitLab versions 16.4 through 16.4.1
Description
An issue has been discovered in GitLab where a removed project member could write to protected branches using deploy keys.
Recommendations
For versions prior to 16.2.7, update to version 16.2.7 or later.
For versions 16.3 through 16.3.4, update to version 16.3.5 or later.
For versions 16.4 through 16.4.0, update to version 16.4.1 or later.
Exploit
Correção
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gitlab