First published: Fri Sep 01 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=15.2.0 <16.1.5 | |
GitLab GitLab | >=16.2 <16.2.5 | |
GitLab GitLab | =16.3.0 | |
Upgrade to versions 16.3.1, 16.2.5, 16.1.5 or above.
CVE-2023-1555 is an issue discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.
The severity of CVE-2023-1555 is medium with a CVSS score of 4.3.
CVE-2023-1555 affects GitLab versions from 15.2 before 16.1.5, from 16.2 before 16.2.5, and from 16.3 before 16.3.1.
Because of this vulnerability, a user banned at the namespace level can access the API.
You can find more information about CVE-2023-1555 on the GitLab issue page (https://gitlab.com/gitlab-org/gitlab/-/issues/398587) and the HackerOne report (https://hackerone.com/reports/1911908).