PT-2023-9613 · Gitlab · Gitlab Ce/Ee+1
Samuellgon · Published 2023-06-28 · Updated 2024-12-12 · CVE-2023-3441
CVSS v3.1: 9.1 (Critical)
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GitLab EE/CE versions 8.0 through 16.3
Description
The issue concerns an insufficient warning about the security implications of granting merge rights to protected branches in GitLab EE/CE. Because users are not adequately warned, incompatible policies may be configured, which could expose sensitive information and result in a data leak. The vulnerability stems from inadequate protection of service data and may allow a remote attacker to access, modify, or delete data.
Recommendations
For GitLab EE/CE versions 8.0 through 16.3, upgrade the affected component to a version that includes the security fixes for this issue, which mitigate the risk of data exposure caused by insufficient warnings about granting merge rights to protected branches.
Affected Products
Gitlab
Gitlab Ce/Ee