CVE-2023-6840

Summary

An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab16.4 < 16.6.7affected
GitLabGitLab16.7 < 16.7.5affected
GitLabGitLab16.8 < 16.8.2affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References