CVE-2023-3509

LOW

GitLab <16.7.6, <16.8.3, <16.9.1 - Info Disclosure

Title source: llm

Description

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated with projects in the group.

References (2)

[Broken Link, Permissions Required] https://gitlab.com/gitlab-org/gitlab/-/issues/416945

[Permissions Required] https://hackerone.com/reports/2037814

Scores

CVSS v3 3.7

EPSS 0.0004

EPSS Percentile 11.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Classification

CWE

CWE-863

Status published

Affected Products (2)

gitlab/gitlab < 16.7.6

gitlab/gitlab

Timeline

Published Feb 21, 2024

Tracked Since Feb 18, 2026