CVE-2023-3915

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 1, 2023

CWE ID 94

Summary

CVE-2023-3915 is a vulnerability affecting GitLab Enterprise Edition (EE) versions prior to 16.1.5, 16.2.5, and 16.3.1. A security flaw has been identified where an external user, if granted the owner role on any group, can escalate their privileges by creating a service account within that group. This new account will bypass external access restrictions and allow the malicious user to access internal projects on the GitLab instance.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Crocoblock

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sHK0t7
https://www.cve.org/CVERecord?id=CVE-2023-3915
https://nvd.nist.gov/vuln/detail/CVE-2023-3915

Back to Vulnerability Database