6.6 CVE-2023-3441
Exploit
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.
https://nvd.nist.gov/vuln/detail/CVE-2023-3441
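The weakness here is not a code bug that an attacker triggers but a permission grant whose consequences the UI did not warn about: anyone with merge rights on a protected branch can land code on it. The practical check is therefore to enumerate who holds merge rights on each protected branch. The following Python audit is an added example, not GitLab's code and not part of the original entry: it reads the documented `GET /projects/:id/protected_branches` response and flags merge access granted below Maintainer, granted directly to a user or group, or combined with force push. The `fetch_protected_branches` helper (base URL, token header) is an assumption about how you would call that endpoint; the sample response, project and user IDs below are constructed.

```python
"""Audit merge rights on GitLab protected branches.

Added example (not GitLab code). Input is the JSON returned by the GitLab
REST endpoint GET /projects/:id/protected_branches. Network access is only
needed for fetch_protected_branches(); the audit itself runs offline.
"""
import json
import urllib.parse
import urllib.request

# Access level values used by the protected branches API.
ACCESS_NAMES = {0: "No one", 30: "Developers", 40: "Maintainers", 60: "Admins"}
MAINTAINER = 40

# Constructed sample response (branch names, IDs and user are made up).
SAMPLE_RESPONSE = json.dumps([
    {
        "id": 1, "name": "main", "allow_force_push": False,
        "push_access_levels": [
            {"access_level": 40, "access_level_description": "Maintainers",
             "user_id": None, "group_id": None}],
        "merge_access_levels": [
            {"access_level": 40, "access_level_description": "Maintainers",
             "user_id": None, "group_id": None}],
    },
    {
        "id": 2, "name": "release/*", "allow_force_push": True,
        "push_access_levels": [
            {"access_level": 0, "access_level_description": "No one",
             "user_id": None, "group_id": None}],
        "merge_access_levels": [
            {"access_level": 30,
             "access_level_description": "Developers + Maintainers",
             "user_id": None, "group_id": None},
            # A per-user grant: access_level is reported as 40 but the rule
            # applies to one account (user_id 1234 is constructed).
            {"access_level": 40, "access_level_description": "Jane Doe",
             "user_id": 1234, "group_id": None},
        ],
    },
])


def fetch_protected_branches(base_url, project_id, token):
    """Assumed call to the live API; project_id may be a numeric ID or
    a URL-encoded 'group/project' path. Pagination is capped at 100."""
    url = (f"{base_url.rstrip('/')}/api/v4/projects/"
           f"{urllib.parse.quote(str(project_id), safe='')}"
           "/protected_branches?per_page=100")
    req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def audit_protected_branches(branches, min_merge_level=MAINTAINER):
    """Return (branch, reason) findings for merge grants worth reviewing."""
    findings = []
    for branch in branches:
        name = branch["name"]
        for rule in branch.get("merge_access_levels") or []:
            level = rule.get("access_level", 0)
            if rule.get("user_id") is not None:
                findings.append((name, f"user {rule['user_id']} ("
                                 f"{rule.get('access_level_description')}) "
                                 "granted merge rights directly"))
            elif rule.get("group_id") is not None:
                findings.append((name, f"group {rule['group_id']} granted "
                                 "merge rights directly"))
            elif 0 < level < min_merge_level:
                findings.append((name, f"merge allowed for "
                                 f"{ACCESS_NAMES.get(level, level)} "
                                 f"(level {level}), below "
                                 f"{ACCESS_NAMES[min_merge_level]}"))
        if branch.get("allow_force_push"):
            findings.append((name, "force push allowed on protected branch"))
    return findings


def audit_sample():
    """Run the audit over the constructed sample response."""
    return audit_protected_branches(json.loads(SAMPLE_RESPONSE))


if __name__ == "__main__":
    for branch, reason in audit_sample():
        print(f"{branch}: {reason}")
```

Run it against a real project by replacing `audit_sample()` with `audit_protected_branches(fetch_protected_branches("https://gitlab.example", "group/project", token))`; a personal access token with `read_api` scope is enough. The check treats a direct user or group grant as a finding regardless of level, because that is precisely the grant the affected versions did not warn about.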
Categories
CWE-213 : Exposure of Sensitive Information Due to Incompatible Policies
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.
Observed examples listed under CWE-213: a script calls phpinfo(); a product lists DLLs and full pathnames; the Telnet protocol allows servers to obtain sensitive environment information from clients.
NVD-CWE-noinfo: Insufficient Information (NVD did not assign a more specific weakness)
References
CNA: cve@gitlab.com
https://gitlab.com/gitlab-org/gitlab/-/issues/416482 (Exploit, Issue Tracking)
https://gitlab.com/gitlab-org/gitlab/-/issues/417284 (Exploit, Issue Tracking)
https://hackerone.com/reports/2033561 (Permissions Required)
https://hackerone.com/reports/2041385 (Permissions Required)
CPE
Configuration 1
cpe | start | end
---|---|---
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | >= 8.0.0 | < 16.4.0
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | >= 8.0.0 | < 16.4.0
REMEDIATION
Upgrade GitLab CE/EE to 16.4.0 or later (the affected range above ends at < 16.4.0). Until then, review which roles, users and groups hold merge rights on each protected branch, since affected versions did not warn about the implications of that grant.
EXPLOITS
Exploit-db.com
id | description | date
---|---|---
No known exploits | |
POC Github
Url
---
No known exploits
Other NIST references (github, ...)
Url
---
https://gitlab.com/gitlab-org/gitlab/-/issues/416482
https://gitlab.com/gitlab-org/gitlab/-/issues/417284
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity
---|---|---
No entry | |