First published: Fri Sep 29 2023
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=11.8 <16.2.8 | |
GitLab GitLab | >=16.3.0 <16.3.5 | |
GitLab GitLab | =16.4.0 | |
Upgrade to version 16.2.8, 16.3.5, 16.4.1 or above.
CVE-2023-2233 is an improper authorization issue discovered in GitLab CE/EE affecting certain versions.
The severity of CVE-2023-2233 is medium with a CVSS score of 4.3.
CVE-2023-2233 allows a project reporter to leak the owner's Sentry instance projects in certain versions of GitLab CE/EE.
CVE-2023-2233 affects all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1 of GitLab CE/EE.
To fix CVE-2023-2233, it is recommended to upgrade GitLab CE/EE to version 16.2.8, 16.3.5, or 16.4.1 or later.