Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2190

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public.

Published

2023-07-13T02:15:09.203

Last Modified

2024-11-21T07:58:06.850

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-639
Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	< 15.11.10	Yes
Application	gitlab	gitlab	< 15.11.10	Yes
Application	gitlab	gitlab	< 16.0.6	Yes
Application	gitlab	gitlab	< 16.0.6	Yes
Application	gitlab	gitlab	< 16.1.1	Yes
Application	gitlab	gitlab	< 16.1.1	Yes

References

https://gitlab.com/gitlab-org/gitlab/-/issues/408137 Broken Link, Vendor Advisory ([email protected])
https://hackerone.com/reports/1944500 Third Party Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab/-/issues/408137 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1944500 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)