Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-3511


An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.


Published

2023-12-15T16:15:43.053

Last Modified

2024-11-21T08:17:25.530

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.0 (LOW)

Weaknesses
  • Type: Secondary
    CWE-863
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gitlab gitlab < 16.4.4 Yes
Application gitlab gitlab < 16.5.4 Yes
Application gitlab gitlab < 16.6.2 Yes

References