CVE-2023-1417
First published: Wed Apr 05 2023(Updated: )
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=15.9.0<15.9.4 | |
| GitLab | >=15.9.0<15.9.4 | |
| GitLab | =15.10.0 | |
| GitLab | =15.10.0 | |
| >=15.9.0<15.9.4 | ||
| >=15.9.0<15.9.4 | ||
| =15.10.0 | ||
| =15.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1417?
CVE-2023-1417 has been classified as a moderate severity vulnerability.
How do I fix CVE-2023-1417?
To mitigate CVE-2023-1417, update GitLab to version 15.9.4 or 15.10.1 or later.
Who is affected by CVE-2023-1417?
CVE-2023-1417 affects all GitLab versions starting from 15.9 before 15.9.4 and all versions starting from 15.10 before 15.10.1.
What kind of issue does CVE-2023-1417 describe?
CVE-2023-1417 describes a vulnerability that allows unauthorized users to add child epics to a victim's epic in unrelated groups.
When was CVE-2023-1417 discovered?
CVE-2023-1417 was discovered and reported in early 2023.
- agent/type
- agent/references
- agent/author
- agent/description
- agent/severity
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/gitlab
- canonical/gitlab
- version/gitlab/15.9.0
- version/gitlab/15.10.0