CVE-2023-6840 - OpenCVE

An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/435500	Issue Tracking Permissions Required
https://hackerone.com/reports/2280292	Permissions Required Technical Description

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitLab

Published: 2024-02-07T22:02:20.934Z

Updated: 2024-07-05T17:20:46.439Z

Reserved: 2023-12-15T12:02:46.848Z

Link: CVE-2023-6840

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-07T22:15:09.500

Modified: 2024-03-04T20:52:05.890

Link: CVE-2023-6840

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6840", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-12-15T12:02:46.848Z", "datePublished": "2024-02-07T22:02:20.934Z", "dateUpdated": "2024-07-05T17:20:46.439Z"}, "containers": {"cna": {"title": "Improper Access Control in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "versions": [{"version": "16.4", "status": "affected", "lessThan": "16.6.7", "versionType": "semver"}, {"version": "16.7", "status": "affected", "lessThan": "16.7.5", "versionType": "semver"}, {"version": "16.8", "status": "affected", "lessThan": "16.8.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284: Improper Access Control", "cweId": "CWE-284", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/435500", "name": "GitLab Issue #435500", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2280292", "name": "HackerOne Bug Bounty Report #2280292", "tags": ["technical-description", "exploit"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.8.2, 16.7.5, 16.6.7 or above."}], "credits": [{"lang": "en", "value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-02-07T22:02:20.934Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6840", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-08T19:38:30.300454Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:20:46.439Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5A1A9E0E-DFC2-4567-9218-6F7B9FE56F34", "versionEndExcluding": "16.6.7", "versionStartIncluding": "16.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8ECA9350-B77B-41F6-B234-72BF47FD50E7", "versionEndExcluding": "16.7.5", "versionStartIncluding": "16.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FDA190F8-0AAA-44DF-8A6B-A9A4380D478C", "versionEndExcluding": "16.8.2", "versionStartIncluding": "16.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones desde 16.4 anterior a 16.6.7, 16.7 anterior a 16.7.5 y 16.8 anterior a 16.8.2 lo que permite a un fabricante cambiar el nombre de una rama protegida que omite la pol\u00edtica de seguridad agregada para bloquear MR."}], "id": "CVE-2023-6840", "lastModified": "2024-03-04T20:52:05.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.5, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2024-02-07T22:15:09.500", "references": [{"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/435500"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required", "Technical Description"], "url": "https://hackerone.com/reports/2280292"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "cve@gitlab.com", "type": "Secondary"}]}