CVE-2023-3441

Exploit

EPSS 0.11%
Published 01.10.2024 10:15:02
Last modified 12.12.2024 20:00:32
Source cve@gitlab.com
Teams watchlist Login
Open Login

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditioncommunity Version >= 8.0.0 < 16.4.0

Gitlab ≫ Gitlab SwEditionenterprise Version >= 8.0.0 < 16.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.304

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
cve@gitlab.com	6.6	1.3	4.7	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

CWE-213 Exposure of Sensitive Information Due to Incompatible Policies

The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.

https://gitlab.com/gitlab-org/gitlab/-/issues/416482

Exploit

Issue Tracking

https://gitlab.com/gitlab-org/gitlab/-/issues/417284

Exploit

Issue Tracking

https://hackerone.com/reports/2033561

Permissions Required

https://hackerone.com/reports/2041385

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-3441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3441

EUVD