PT-2023-27043 · Gitlab · Gitlab

Js_Noob

Published

2023-12-01

Updated

2024-10-03

CVE-2023-3964

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab versions 13.2 through 16.4.2 GitLab versions 16.5 through 16.5.2 GitLab versions 16.6 through 16.6.0

Description An issue has been discovered in GitLab, allowing users to access composer packages on public projects that have package registry disabled in the project settings.

Recommendations For GitLab versions 13.2 through 16.4.2, update to version 16.4.3 or later. For GitLab versions 16.5 through 16.5.2, update to version 16.5.3 or later. For GitLab versions 16.6 through 16.6.0, update to version 16.6.1 or later.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BIT-GITLAB-2023-3964

CVE-2023-3964

Affected Products

Gitlab

PT-2023-27043 · Gitlab · Gitlab

CVE-2023-3964

Weakness Enumeration

Related Identifiers

Affected Products

References · 10