CVE-2023-3115
MEDIUMGitLab EE <16.2.8-16.4.1 - Info Disclosure
Title source: llmDescription
An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.
Scores
CVSS v3
5.4
EPSS
0.0004
EPSS Percentile
11.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Classification
CWE
CWE-286
Status
published
Affected Products (4)
gitlab/gitlab
< 16.2.8
gitlab/gitlab
< 16.2.8
gitlab/gitlab
gitlab/gitlab
Timeline
Published
Sep 29, 2023
Tracked Since
Feb 18, 2026