CVE-2023-1071
First published: Wed Apr 05 2023(Updated: )
An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=15.5.0<15.8.5 | |
| GitLab | >=15.5.0<15.8.5 | |
| GitLab | >=15.9.0<15.9.4 | |
| GitLab | >=15.9.0<15.9.4 | |
| GitLab | =15.10.0 | |
| GitLab | =15.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1071?
CVE-2023-1071 has been classified as a medium severity vulnerability due to improper permission checks.
How do I fix CVE-2023-1071?
To fix CVE-2023-1071, upgrade GitLab to versions 15.8.5, 15.9.4, or 15.10.1 or later.
Who is affected by CVE-2023-1071?
CVE-2023-1071 affects all GitLab versions from 15.5 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1.
What type of access does CVE-2023-1071 exploit?
CVE-2023-1071 exploits improper permissions, allowing unauthorized users to remove issues from epics.
Is CVE-2023-1071 a critical vulnerability?
No, CVE-2023-1071 is considered a medium severity vulnerability, not critical.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/description
- agent/severity
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/gitlab
- canonical/gitlab
- version/gitlab/15.5.0
- version/gitlab/15.9.0
- version/gitlab/15.10.0