CVE-2023-3484
Incorrect Authorization in GitLab
6.5
MEDIUM
CVSS 3.1
EPSS 0.11%
Description
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.
How to fix CVE-2023-3484
To remediate CVE-2023-3484, upgrade the affected package to a fixed version below.
- —upgrade to 15.11.11 or later
Is CVE-2023-3484 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 12.8.0, < 15.11.11, >= 16.0.0, < 16.0.7, >= 16.1.0, < 16.1.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |