CVE-2023-5198 Vulnerability Details

  /     /     /  

CVE-2023-5198 Metadata Quick Info

CVE Published: 29/09/2023 | CVE Updated: 03/10/2024 | CVE Year: 2023
Source: GitLab | Vendor: GitLab | Product: GitLab
Status : PUBLISHED

---

CVE-2023-5198 Description

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.

Metrics

CVSS Version: 3.1 | Base Score: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-863
CWE Name: CWE-863: Incorrect Authorization
Source: GitLab

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).