CVE-2023-1167

Description

Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.

How to fix CVE-2023-1167

To remediate CVE-2023-1167, upgrade the affected package to a fixed version below.

Bitnami/gitlab—upgrade to 15.8.5 or later

Is CVE-2023-1167 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 12.3.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (3)

WEBgitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1167.json
WEBgitlab.com/gitlab-org/gitlab/-/issues/392715
WEBnvd.nist.gov/vuln/detail/CVE-2023-1167