An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group.
Metrics
Affected Vendors & Products
References
History
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-12-01T07:01:58.125Z
Updated: 2024-09-18T04:07:05.182Z
Reserved: 2023-08-31T05:30:28.470Z
Link: CVE-2023-4658
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-12-01T07:15:10.807
Modified: 2023-12-06T19:22:50.170
Link: CVE-2023-4658
Redhat
No data.