Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-6564

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.

Published

2024-02-08T12:15:55.767

Last Modified

2024-11-21T08:44:06.647

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-863
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	16.4.3	Yes
Application	gitlab	gitlab	16.5.3	Yes
Application	gitlab	gitlab	16.6.1	Yes

References

https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213 Issue Tracking, Permissions Required ([email protected])
https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213 Issue Tracking, Permissions Required (af854a3a-2127-422b-91ae-364da2661108)