First published: Fri Jul 21 2023
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab | >=12.8.0 <15.11.11 | Upgrade to 15.11.11 or above |
GitLab | >=16.0.0 <16.0.7 | Upgrade to 16.0.7 or above |
GitLab | >=16.1.0 <16.1.2 | Upgrade to 16.1.2 or above |
The severity of CVE-2023-3484 is high.
All versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, and all versions starting from 16.1 before 16.1.2 of GitLab EE are affected.
The vulnerability in CVE-2023-3484 allows an attacker to change the name or path of a public top-level group in certain situations.
References for CVE-2023-3484: [HackerOne report 2035687](https://hackerone.com/reports/2035687), [GitLab issue 416773](https://gitlab.com/gitlab-org/gitlab/-/issues/416773), [GitLab 16.1.2 security release](https://about.gitlab.com/releases/2023/07/05/security-release-gitlab-16-1-2-released/)
The CWE ID for CVE-2023-3484 is 840.