CVE-2023-3914 - OpenCVE

A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.4.0::::enterprise:::

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/418115	Broken Link
https://hackerone.com/reports/2040822	Permissions Required

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitLab

Published: 2023-09-29T06:02:21.304Z

Updated: 2023-09-29T06:02:21.304Z

Reserved: 2023-07-25T10:30:31.597Z

Link: CVE-2023-3914

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-29T07:15:13.380

Modified: 2023-10-03T15:31:20.073

Link: CVE-2023-3914

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3914", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-07-25T10:30:31.597Z", "datePublished": "2023-09-29T06:02:21.304Z", "dateUpdated": "2023-09-29T06:02:21.304Z"}, "containers": {"cna": {"title": "Business Logic Errors in GitLab", "descriptions": [{"lang": "en", "value": "A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "versions": [{"version": "0", "status": "affected", "lessThan": "16.2.8", "versionType": "semver"}, {"version": "16.3", "status": "affected", "lessThan": "16.3.5", "versionType": "semver"}, {"version": "16.4", "status": "affected", "lessThan": "16.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-840: Business Logic Errors", "cweId": "CWE-840", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115", "name": "GitLab Issue #418115", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2040822", "name": "HackerOne Bug Bounty Report #2040822", "tags": ["technical-description", "exploit"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 16.4.1, 16.3.5 or 16.2.8"}], "credits": [{"lang": "en", "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-09-29T06:02:21.304Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CC944069-5F94-4E2A-A13F-5D070BA4E5EB", "versionEndExcluding": "16.2.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589", "versionEndExcluding": "16.3.5", "versionStartIncluding": "16.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects."}, {"lang": "es", "value": "Un error de l\u00f3gica de negocios en GitLab EE que afecta a todas las versiones anteriores a 16.2.8, 16.3 anterior a 16.3.5 y 16.4 anterior a 16.4.1 permite el acceso a proyectos internos. Una cuenta de servicio no se elimina cuando se elimina un espacio de nombres, lo que permite el acceso a proyectos internos."}], "id": "CVE-2023-3914", "lastModified": "2023-10-03T15:31:20.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-09-29T07:15:13.380", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2040822"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-840"}], "source": "cve@gitlab.com", "type": "Secondary"}]}