Improper access control in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2023-6051

 

Improper access control in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2023-6051

Published: December 14, 2023


Vulnerability identifier: #VU84415
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-6051
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
GitLab Enterprise Edition

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the GitLab web interface does not ensure the integrity of information when downloading the source code from installation packages or tags. A remote user can compromise file integrity of the target application.


How to mitigate CVE-2023-6051

Install updates from vendor's website.

Sources