Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2023-3917 CVE-2023-3922 CVE-2023-2233 CVE-2023-3979 CVE-2023-3906 CVE-2023-0989 CVE-2023-3920 CVE-2023-4532 CVE-2023-5198 CVE-2023-3115 CVE-2023-3914 CVE-2023-3413 CVE-2023-4379 CVE-2023-5106 CVE-2023-5207 |
| CWE-ID | CWE-20 CWE-284 CWE-285 CWE-200 CWE-840 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Gitlab Community Edition Universal components / Libraries / Software for developers GitLab Enterprise Edition Universal components / Libraries / Software for developers |
| Vendor | GitLab, Inc |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU81303
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3917
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in pipelines. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 16.4.0
GitLab Enterprise Edition: 6.2.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU81312
Risk: Low
CVSSv3.1: 2.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3922
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to an error within math rendering in markdown. A remote user can hijack some links and buttons on the GitLab UI to a malicious page.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.15 - 16.4.0
GitLab Enterprise Edition: 8.15.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Authorization
EUVDB-ID: #VU81311
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2233
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to improper authorization. A remote user can leak the owner's Sentry instance projects.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 11.8.0 - 16.4.0
GitLab Enterprise Edition: 11.8.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU81310
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3979
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user after being removed can continue editing the source code of a public project.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 10.6 - 16.4.0
GitLab Enterprise Edition: 10.6.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU81306
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3906
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the asset proxy. A remote user can craft image urls which bypass the asset proxy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 12.3.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU81305
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0989
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can trick a victim to visit a fork with a malicious CI/CD configuration and extract non-protected CI/CD variables.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.11.0 - 16.4.0
GitLab Enterprise Edition: 13.11.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper access control
EUVDB-ID: #VU81304
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3920
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can create a fork relationship between existing projects contrary to the documentation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 11.2 - 16.4.0
GitLab Enterprise Edition: 11.2.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper access control
EUVDB-ID: #VU81302
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4532
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to unauthorised association of CI jobs for Machine Learning experiments. A remote user can link CI/CD jobs of private projects which they are not a member of.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 16.2.0 - 16.4.0
GitLab Enterprise Edition: 16.2.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper access control
EUVDB-ID: #VU81301
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5198
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user after being removed can write to protected branches using deploy keys .
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 16.4.0
GitLab Enterprise Edition: 6.2.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper access control
EUVDB-ID: #VU81300
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3115
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to single Sign On restrictions are not correctly enforced. A remote user can access public members-only project repositories.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 11.11.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Business Logic Errors
EUVDB-ID: #VU81295
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3914
CWE-ID:
CWE-840 - Business Logic Errors (3.0)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to internal projects.
The vulnerability exists due to a business logic error. A remote user can gain access to internal projects because service account is not deleted when a namespace is deleted.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 6.2.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Information disclosure
EUVDB-ID: #VU81294
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3413
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can fork a public project and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 16.2.0 - 16.4.0
GitLab Enterprise Edition: 16.2.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper access control
EUVDB-ID: #VU81293
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4379
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote administrator can bypass code owners approval by changing a MR's base branch.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 15.3.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU81292
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5106
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to application does not properly impose security restrictions. A remote user can impersonate users in CI pipelines through direct transfer group imports.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 13.12.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper access control
EUVDB-ID: #VU81261
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5207
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can perform arbitrary pipeline execution under the context of another user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 16.0.0 - 16.4.0
External linkshttp://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
