CVE-2023-2576

2023-07-1303:15:09

Google

osv.dev

cve-2023-2576

gitlab ce

gitlab ee

versions 13.7-15.11.10

versions 16.0-16.0.6

versions 16.1-16.1.1

protected branch

codeowners rules

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

21.4%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch.