CVE-2023-1167
First published: Wed Apr 05 2023(Updated: )
Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=12.3.0<15.8.5 | |
| GitLab | >=15.9.0<15.9.4 | |
| GitLab | =15.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1167?
CVE-2023-1167 has a high severity due to improper authorization that may allow unauthorized access to sensitive security reports.
How do I fix CVE-2023-1167?
To fix CVE-2023-1167, upgrade your GitLab EE version to at least 15.8.5, 15.9.4, or 15.10.1 depending on your current version.
What versions are affected by CVE-2023-1167?
CVE-2023-1167 affects all GitLab EE versions from 12.3.0 before 15.8.5, and all versions from 15.9 before 15.9.4, and from 15.10 before 15.10.1.
What impact does CVE-2023-1167 have on my GitLab instance?
CVE-2023-1167 could lead to unauthorized users gaining access to sensitive security reports within merge requests.
Is there a workaround for CVE-2023-1167?
There are no official workarounds provided for CVE-2023-1167; updating to the fixed versions is recommended.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/description
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/gitlab
- canonical/gitlab
- version/gitlab/12.3.0
- version/gitlab/15.9.0
- version/gitlab/15.10.0