Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0805

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.

Published

2023-05-03T22:15:16.553

Last Modified

2025-02-12T16:15:34.123

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	< 15.9.6	Yes
Application	gitlab	gitlab	< 15.10.5	Yes
Application	gitlab	gitlab	< 15.11.1	Yes

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json Third Party Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab/-/issues/391433 Broken Link ([email protected])
https://hackerone.com/reports/1850046 Permissions Required ([email protected])
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/391433 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1850046 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)