CVE-2023-3441

Exploit

EPSS 0.07%
Veröffentlicht 01.10.2024 10:15:02
Zuletzt bearbeitet 12.12.2024 20:00:32
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditioncommunity Version >= 8.0.0 < 16.4.0

Gitlab ≫ Gitlab SwEditionenterprise Version >= 8.0.0 < 16.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.218

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
cve@gitlab.com	6.6	1.3	4.7	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

CWE-213 Exposure of Sensitive Information Due to Incompatible Policies

The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.

https://gitlab.com/gitlab-org/gitlab/-/issues/416482

Exploit

Issue Tracking

https://gitlab.com/gitlab-org/gitlab/-/issues/417284

Exploit

Issue Tracking

https://hackerone.com/reports/2033561

Permissions Required

https://hackerone.com/reports/2041385

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-3441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3441

EUVD