CVE-2023-3511
Published: 15 December 2023
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 3.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |