An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches.
History

Tue, 05 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-74

Thu, 03 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-99

Thu, 03 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
Title Improper Control of Resource Identifiers ('Resource Injection') in GitLab Incorrect Authorization in GitLab
Weaknesses CWE-863

cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-07-13T02:08:20.930Z

Updated: 2024-11-05T15:15:46.783Z

Reserved: 2023-06-28T13:19:28.787Z

Link: CVE-2023-3444

cve-icon Vulnrichment

Updated: 2024-08-02T06:55:03.538Z

cve-icon NVD

Status : Modified

Published: 2023-07-13T03:15:10.413

Modified: 2024-11-21T08:17:16.947

Link: CVE-2023-3444

cve-icon Redhat

No data.