CVE-2023-3979 - OpenCVE

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.4.0::::community:::
	cpe:2.3:a:gitlab:gitlab:16.4.0::::enterprise:::

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/419972
https://hackerone.com/reports/2082560

History

Thu, 03 Oct 2024 07:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Thu, 03 Oct 2024 06:30:00 +0000

Type	Values Removed	Values Added
Title	Exposure of Sensitive Information to an Unauthorized Actor in GitLab	Incorrect Authorization in GitLab
Weaknesses		CWE-863

Thu, 19 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:gitlab:gitlab::::::::

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-09-29T06:02:06.310Z

Updated: 2024-10-03T06:23:13.555Z

Reserved: 2023-07-27T18:01:01.568Z

Link: CVE-2023-3979

Vulnrichment

Updated: 2024-08-02T07:08:50.787Z

NVD

Status : Modified

Published: 2023-09-29T07:15:13.910

Modified: 2024-10-03T07:15:16.920

Link: CVE-2023-3979

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3979", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-07-27T18:01:01.568Z", "datePublished": "2023-09-29T06:02:06.310Z", "dateUpdated": "2024-10-03T06:23:13.555Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [{"lessThan": "16.2.8", "status": "affected", "version": "10.6", "versionType": "semver"}, {"lessThan": "16.3.5", "status": "affected", "version": "16.3", "versionType": "semver"}, {"lessThan": "16.4.1", "status": "affected", "version": "16.4", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program"}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request\u2019s source branch."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:13.555Z"}, "references": [{"name": "GitLab Issue #419972", "tags": ["issue-tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972"}, {"name": "HackerOne Bug Bounty Report #2082560", "tags": ["technical-description", "exploit", "permissions-required"], "url": "https://hackerone.com/reports/2082560"}], "solutions": [{"lang": "en", "value": "Upgrade to version 16.4.1, 16.3.5, 16.2.8"}], "title": "Incorrect Authorization in GitLab"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-25T14:04:09.768079Z", "id": "CVE-2023-3979", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T14:04:19.222Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.787Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972", "name": "GitLab Issue #419972", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2082560", "name": "HackerOne Bug Bounty Report #2082560", "tags": ["technical-description", "exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972", "name": "GitLab Issue #419972", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2082560", "name": "HackerOne Bug Bounty Report #2082560", "tags": ["technical-description", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.787Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3979", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-25T14:04:09.768079Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T14:04:16.140Z"}}], "cna": {"title": "Incorrect Authorization in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "10.6", "lessThan": "16.2.8", "versionType": "semver"}, {"status": "affected", "version": "16.3", "lessThan": "16.3.5", "versionType": "semver"}, {"status": "affected", "version": "16.4", "lessThan": "16.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 16.4.1, 16.3.5, 16.2.8"}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972", "name": "GitLab Issue #419972", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2082560", "name": "HackerOne Bug Bounty Report #2082560", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request\u2019s source branch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:13.555Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3979", "state": "PUBLISHED", "dateUpdated": "2024-10-03T06:23:13.555Z", "dateReserved": "2023-07-27T18:01:01.568Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-09-29T06:02:06.310Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "049BDC78-13F1-4F9D-B6C1-C50F9109A1A6", "versionEndExcluding": "16.2.8", "versionStartIncluding": "10.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "084AF463-DF79-4CF3-A85B-BDF6BF60AA57", "versionEndExcluding": "16.2.8", "versionStartIncluding": "10.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "50271B2B-7070-4ED0-AB68-65B99D44A68A", "versionEndExcluding": "16.3.5", "versionStartIncluding": "16.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589", "versionEndExcluding": "16.3.5", "versionStartIncluding": "16.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*", "matchCriteriaId": "B5D4FDD1-7A68-4245-A4D5-842E4FD03FAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request\u2019s source branch. "}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 10.6 anteriores a 16.2.8, todas las versiones desde 16.3 anteriores a 16.3.5, todas las versiones desde 16.4 anteriores a 16.4.1. Era posible que los miembros upstream que colaboraran en su sucursal obtuvieran permisos para escribir en la sucursal fuente de la solicitud de fusi\u00f3n."}], "id": "CVE-2023-3979", "lastModified": "2024-10-03T07:15:16.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-09-29T07:15:13.910", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2082560"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "cve@gitlab.com", "type": "Secondary"}]}