CVE-2023-3115

Summary

An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab11.11 < 16.2.8affected
GitLabGitLab16.3 < 16.3.5affected
GitLabGitLab16.4 < 16.4.1affected

Weaknesses

  • CWE-286: CWE-286: Incorrect User Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References