CVE-2023-1167
Published Apr 5, 2023
Last updated 2 years ago
Overview
- Description
- Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-862
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCE75D34-B6C7-4275-9630-8AEEFE40263A",
"versionEndExcluding": "15.8.5",
"versionStartIncluding": "12.3.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E10FDADF-D6E5-402E-8834-F9BD274FBE2D",
"versionEndExcluding": "15.9.4",
"versionStartIncluding": "15.9.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:15.10.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D831DA8-EE49-41A1-AE77-E8B51E8458A4"
}
],
"operator": "OR"
}
]
}
]