An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Oct 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-74 |
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-99 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Improper Control of Resource Identifiers ('Resource Injection') in GitLab | Incorrect Authorization in GitLab |
Weaknesses | CWE-863 |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-07-13T02:08:20.930Z
Updated: 2024-11-05T15:15:46.783Z
Reserved: 2023-06-28T13:19:28.787Z
Link: CVE-2023-3444
Vulnrichment
Updated: 2024-08-02T06:55:03.538Z
NVD
Status : Modified
Published: 2023-07-13T03:15:10.413
Modified: 2024-11-21T08:17:16.947
Link: CVE-2023-3444
Redhat
No data.