CVE-2023-3441

Summary

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab8.0 < 16.4affected

Weaknesses

  • CWE-213: CWE-213: Exposure of Sensitive Information Due to Incompatible Policies

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References