Overview
- Description
- An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.
- Source
- cve@gitlab.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- cve@gitlab.com
- CWE-863
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "863E98A5-7F1C-4CFA-A209-19E66F04A718",
"versionEndExcluding": "16.2.8",
"versionStartIncluding": "15.3.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589",
"versionEndExcluding": "16.3.5",
"versionStartIncluding": "16.3.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67"
}
],
"operator": "OR"
}
]
}
]