Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2023-2576

HistoryJul 13, 2023 - 3:15 a.m.

CVE-2023-2576

2023-07-1303:15:09

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-2576

gitlab

security vulnerability

protected branch

codeowners rules

unix

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

21.4%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch.

OSVersionArchitecturePackageVersionFilename
Debian999allgitlab< 15.11.11+ds1-1gitlab_15.11.11+ds1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	gitlab	< 15.11.11+ds1-1	gitlab_15.11.11+ds1-1_all.deb

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

21.4%

JSON

Related for DEBIANCVE:CVE-2023-2576