An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.
Metrics
Affected Vendors & Products
References
History
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-12-01T07:02:18.158Z
Updated: 2024-09-18T04:06:25.187Z
Reserved: 2023-07-26T22:30:27.029Z
Link: CVE-2023-3964
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-12-01T07:15:09.620
Modified: 2023-12-06T18:32:45.550
Link: CVE-2023-3964
Redhat
No data.