5.4

CVE-2023-3115

An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitlab SwEditioncommunity Version >= 11.11 < 16.2.8
GitlabGitlab SwEditionenterprise Version >= 11.11 < 16.2.8
GitlabGitlab SwEditioncommunity Version >= 16.3.0 < 16.3.5
GitlabGitlab SwEditionenterprise Version >= 16.3.0 < 16.3.5
GitlabGitlab Version16.4.0 SwEditioncommunity
GitlabGitlab Version16.4.0 SwEditionenterprise
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.108
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cve@gitlab.com 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-286 Incorrect User Management

The product does not properly manage a user within its environment.