CVE-2023-2576 — Incorrect Authorization in Gitlab

CWE-863 — Incorrect Authorization CWE-284 — Improper Access Control5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 60.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJul 13

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5gitlab/gitlab13.7 — 15.11.10+2

▶NVDgitlab/gitlab13.7.0 — 15.11.10+2

▶debiandebian/gitlab< gitlab 15.11.11+ds1-1 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-242m-wgg2-vv66: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13↗2023-07-13

▶

OSV

CVE-2023-2576: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13↗2023-07-13

▶

📋Vendor Advisories

GitLab

CVE-2023-2576: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6,↗2023-07-13

▶

Debian

CVE-2023-2576: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...↗2023

▶