An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/423835 | Broken Link Vendor Advisory |
https://hackerone.com/reports/2104540 | Permissions Required Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2023-12-01T07:01:58.125Z
Updated: 2023-12-01T07:01:58.125Z
Reserved: 2023-08-31T05:30:28.470Z
Link: CVE-2023-4658
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-01T07:15:10.807
Modified: 2023-12-06T19:22:50.170
Link: CVE-2023-4658
JSON object: View
Redhat Information
No data.