CVE-2023-1167

MEDIUM

GitLab 12.3.0-15.8.4, 15.9.0-15.9.3, 15.10.0 - Unauthenticated Security Report Access in Merge Requests

Title source: llm
STIX 2.1

Description

Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.

Scores

CVSS v3 5.3
EPSS 0.0056
EPSS Percentile 42.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-285 CWE-862
Status published
Products (2)
gitlab/gitlab 15.10.0
gitlab/gitlab 12.3.0 - 15.8.5
Published Apr 05, 2023
Tracked Since Feb 18, 2026