6.6 CVE-2023-3441

Exploit
 

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.
https://nvd.nist.gov/vuln/detail/CVE-2023-3441

Categories

CWE-213 : Exposure of Sensitive Information Due to Incompatible Policies
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed. Script calls phpinfo() Script calls phpinfo() Script calls phpinfo() Script calls phpinfo() Script calls phpinfo() Product lists DLLs and full pathnames. Telnet protocol allows servers to obtain sensitive environment information from clients. Telnet protocol allows servers to obtain sensitive environment information from clients.

CWE-NVD-noinfo

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* >= 8.0.0 < 16.4.0
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* >= 8.0.0 < 16.4.0


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
https://gitlab.com/gitlab-org/gitlab/-/issues/416482
https://gitlab.com/gitlab-org/gitlab/-/issues/417284


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry