An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/416647 |
History
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-08-04T00:30:28.797Z
Updated: 2024-08-30T15:43:39.968Z
Reserved: 2023-07-28T22:01:47.449Z
Link: CVE-2023-4002
Vulnrichment
Updated: 2024-08-02T07:17:11.377Z
NVD
Status : Analyzed
Published: 2023-08-04T01:15:10.557
Modified: 2023-08-08T18:46:54.137
Link: CVE-2023-4002
Redhat
No data.