GitLab
Description
An Open Source code repository and collaborative software development platform for large DevOps and DevSecOps projects.
Website
Licenses
Product name
gitlab
Related organization
CVE-2023-4532 (GCVE-0-2023-4532)
Vulnerability from – Published: 2023-09-29 06:02 – Updated: 2025-11-20 04:09
VLAI?
Title
Incorrect Authorization in GitLab
Summary
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [ricardobrito](https://hackerone.com/ricardobrito) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:16.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "gitlab",
"vendor": "gitlab",
"versions": [
{
"lessThan": "16.2.8",
"status": "affected",
"version": "16.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:16.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "gitlab",
"vendor": "gitlab",
"versions": [
{
"lessThan": "16.4.1",
"status": "affected",
"version": "16.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:16.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "gitlab",
"vendor": "gitlab",
"versions": [
{
"lessThan": "16.3.5",
"status": "affected",
"version": "16.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4532",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T14:37:07.802802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:03:34.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #423357",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/423357"
},
{
"name": "HackerOne Bug Bounty Report #2084199",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2084199"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.2.8",
"status": "affected",
"version": "16.2",
"versionType": "semver"
},
{
"lessThan": "16.3.5",
"status": "affected",
"version": "16.3",
"versionType": "semver"
},
{
"lessThan": "16.4.1",
"status": "affected",
"version": "16.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [ricardobrito](https://hackerone.com/ricardobrito) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:09:43.683Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #423357",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/423357"
},
{
"name": "HackerOne Bug Bounty Report #2084199",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2084199"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.4.1, 16.3.5, 16.2.8 or above."
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-4532",
"datePublished": "2023-09-29T06:02:01.299Z",
"dateReserved": "2023-08-25T07:01:10.482Z",
"dateUpdated": "2025-11-20T04:09:43.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4522 (GCVE-0-2023-4522)
Vulnerability from – Published: 2023-08-30 07:01 – Updated: 2025-11-20 04:09
VLAI?
Title
Improper Validation of Specified Type of Input in GitLab
Summary
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit.
Severity ?
4.3 (Medium)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [cryptopone](https://hackerone.com/cryptopone) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:17:31.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #406817",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/406817"
},
{
"name": "HackerOne Bug Bounty Report #1937213",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/1937213"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [cryptopone](https://hackerone.com/cryptopone) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:09:38.263Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #406817",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/406817"
},
{
"name": "HackerOne Bug Bounty Report #1937213",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/1937213"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.2 or above."
}
],
"title": "Improper Validation of Specified Type of Input in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-4522",
"datePublished": "2023-08-30T07:01:19.117Z",
"dateReserved": "2023-08-24T17:01:06.717Z",
"dateUpdated": "2025-11-20T04:09:38.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4317 (GCVE-0-2023-4317)
Vulnerability from – Published: 2023-12-01 07:02 – Updated: 2025-11-20 04:09
VLAI?
Title
Incorrect Authorization in GitLab
Summary
An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #421846",
"tags": [
"issue-tracking",
"permissions-required",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421846"
},
{
"name": "HackerOne Bug Bounty Report #2089517",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2089517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.4.3",
"status": "affected",
"version": "9.2",
"versionType": "semver"
},
{
"lessThan": "16.5.3",
"status": "affected",
"version": "16.5",
"versionType": "semver"
},
{
"lessThan": "16.6.1",
"status": "affected",
"version": "16.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:09:33.265Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #421846",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421846"
},
{
"name": "HackerOne Bug Bounty Report #2089517",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2089517"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.4.3, 16.5.3, 16.6.1 or above."
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-4317",
"datePublished": "2023-12-01T07:02:03.130Z",
"dateReserved": "2023-08-13T22:01:43.533Z",
"dateUpdated": "2025-11-20T04:09:33.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4018 (GCVE-0-2023-4018)
Vulnerability from – Published: 2023-09-01 10:30 – Updated: 2025-11-20 04:09
VLAI?
Title
Direct Request ('Forced Browsing') in GitLab
Summary
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.
Severity ?
4.3 (Medium)
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [ricardobrito](https://hackerone.com/ricardobrito) for reporting this vulnerability through our HackerOne bug bounty program.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4018",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T13:31:06.799486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T14:33:37.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #420301",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/420301"
},
{
"name": "HackerOne Bug Bounty Report #2083440",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2083440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.2.5",
"status": "affected",
"version": "16.2",
"versionType": "semver"
},
{
"lessThan": "16.3.1",
"status": "affected",
"version": "16.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [ricardobrito](https://hackerone.com/ricardobrito) for reporting this vulnerability through our HackerOne bug bounty program."
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:09:28.335Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #420301",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/420301"
},
{
"name": "HackerOne Bug Bounty Report #2083440",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2083440"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.3.1, 16.2.5 or above."
}
],
"title": "Direct Request (\u0027Forced Browsing\u0027) in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-4018",
"datePublished": "2023-09-01T10:30:41.985Z",
"dateReserved": "2023-07-31T12:30:31.240Z",
"dateUpdated": "2025-11-20T04:09:28.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3994 (GCVE-0-2023-3994)
Vulnerability from – Published: 2023-08-02 00:06 – Updated: 2025-11-20 04:09
VLAI?
Title
Inefficient Regular Expression Complexity in GitLab
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.
Severity ?
7.5 (High)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [ryhmnlfj](https://hackerone.com/ryhmnlfj) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #416225",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416225"
},
{
"name": "HackerOne Bug Bounty Report #1963255",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/1963255"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3994",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:42:16.495069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:42:41.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.0.8",
"status": "affected",
"version": "9.3",
"versionType": "semver"
},
{
"lessThan": "16.1.3",
"status": "affected",
"version": "16.1",
"versionType": "semver"
},
{
"lessThan": "16.2.2",
"status": "affected",
"version": "16.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [ryhmnlfj](https://hackerone.com/ryhmnlfj) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:09:23.305Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #416225",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416225"
},
{
"name": "HackerOne Bug Bounty Report #1963255",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/1963255"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."
}
],
"title": "Inefficient Regular Expression Complexity in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-3994",
"datePublished": "2023-08-02T00:06:50.342Z",
"dateReserved": "2023-07-28T09:01:26.489Z",
"dateUpdated": "2025-11-20T04:09:23.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3979 (GCVE-0-2023-3979)
Vulnerability from – Published: 2023-09-29 06:02 – Updated: 2025-11-20 04:09
VLAI?
Title
Incorrect Authorization in GitLab
Summary
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3979",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T14:04:09.768079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T14:04:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #419972",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972"
},
{
"name": "HackerOne Bug Bounty Report #2082560",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2082560"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.2.8",
"status": "affected",
"version": "10.6",
"versionType": "semver"
},
{
"lessThan": "16.3.5",
"status": "affected",
"version": "16.3",
"versionType": "semver"
},
{
"lessThan": "16.4.1",
"status": "affected",
"version": "16.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request\u2019s source branch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:09:18.297Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #419972",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972"
},
{
"name": "HackerOne Bug Bounty Report #2082560",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2082560"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 16.4.1, 16.3.5, 16.2.8"
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-3979",
"datePublished": "2023-09-29T06:02:06.310Z",
"dateReserved": "2023-07-27T18:01:01.568Z",
"dateUpdated": "2025-11-20T04:09:18.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3964 (GCVE-0-2023-3964)
Vulnerability from – Published: 2023-12-01 07:02 – Updated: 2025-11-20 04:09
VLAI?
Title
Incorrect Authorization in GitLab
Summary
An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #419857",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419857"
},
{
"name": "HackerOne Bug Bounty Report #2037316",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2037316"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3964",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T02:22:14.694015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T02:22:32.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.4.3",
"status": "affected",
"version": "13.2",
"versionType": "semver"
},
{
"lessThan": "16.5.3",
"status": "affected",
"version": "16.5",
"versionType": "semver"
},
{
"lessThan": "16.6.1",
"status": "affected",
"version": "16.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:09:13.257Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #419857",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419857"
},
{
"name": "HackerOne Bug Bounty Report #2037316",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2037316"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 16.4.3, 16.5.3, or 16.6.1"
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-3964",
"datePublished": "2023-12-01T07:02:18.158Z",
"dateReserved": "2023-07-26T22:30:27.029Z",
"dateUpdated": "2025-11-20T04:09:13.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3950 (GCVE-0-2023-3950)
Vulnerability from – Published: 2023-09-01 10:30 – Updated: 2025-11-20 04:09
VLAI?
Title
Cleartext Storage of Sensitive Information in GitLab
Summary
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.
Severity ?
5.5 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3950",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T13:26:30.561894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:41:46.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #419675",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419675"
},
{
"name": "HackerOne Bug Bounty Report #2079154",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2079154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.2.5",
"status": "affected",
"version": "16.2",
"versionType": "semver"
},
{
"lessThan": "16.3.1",
"status": "affected",
"version": "16.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:09:08.266Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #419675",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419675"
},
{
"name": "HackerOne Bug Bounty Report #2079154",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2079154"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 16.2.5 or 16.3.1"
}
],
"title": "Cleartext Storage of Sensitive Information in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-3950",
"datePublished": "2023-09-01T10:30:46.990Z",
"dateReserved": "2023-07-25T17:30:22.877Z",
"dateUpdated": "2025-11-20T04:09:08.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3949 (GCVE-0-2023-3949)
Vulnerability from – Published: 2023-12-01 07:02 – Updated: 2025-11-20 04:09
VLAI?
Title
Insertion of Sensitive Information Into Sent Data in GitLab
Summary
An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members.
Severity ?
5.3 (Medium)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #419664",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419664"
},
{
"name": "HackerOne Bug Bounty Report #2079374",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2079374"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3949",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-10T16:38:37.303405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:16:50.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.4.3",
"status": "affected",
"version": "11.3",
"versionType": "semver"
},
{
"lessThan": "16.5.3",
"status": "affected",
"version": "16.5",
"versionType": "semver"
},
{
"lessThan": "16.6.1",
"status": "affected",
"version": "16.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects\u0027 release descriptions via an atom endpoint when release access on the public was set to only project members."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:09:03.271Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #419664",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419664"
},
{
"name": "HackerOne Bug Bounty Report #2079374",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2079374"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 16.4.3, 16.5.3 or 16.6.1"
}
],
"title": "Insertion of Sensitive Information Into Sent Data in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-3949",
"datePublished": "2023-12-01T07:02:13.130Z",
"dateReserved": "2023-07-25T16:06:09.992Z",
"dateUpdated": "2025-11-20T04:09:03.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3932 (GCVE-0-2023-3932)
Vulnerability from – Published: 2023-08-03 04:01 – Updated: 2025-11-20 04:08
VLAI?
Title
Incorrect User Management in GitLab
Summary
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.
Severity ?
5.3 (Medium)
CWE
- CWE-286 - Incorrect User Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [vaib25vicky](https://hackerone.com/vaib25vicky) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3932",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T13:25:44.895120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:14:46.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #417594",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417594"
},
{
"name": "HackerOne Bug Bounty Report #2057633",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2057633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.0.8",
"status": "affected",
"version": "13.12",
"versionType": "semver"
},
{
"lessThan": "16.1.3",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"lessThan": "16.2.2",
"status": "affected",
"version": "16.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [vaib25vicky](https://hackerone.com/vaib25vicky) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-286",
"description": "CWE-286: Incorrect User Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:08:58.262Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #417594",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417594"
},
{
"name": "HackerOne Bug Bounty Report #2057633",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2057633"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."
}
],
"title": "Incorrect User Management in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-3932",
"datePublished": "2023-08-03T04:01:58.186Z",
"dateReserved": "2023-07-25T11:01:19.577Z",
"dateUpdated": "2025-11-20T04:08:58.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
displaying 51 - 60 organizations in total 1258