CVE-2023-4379

HIGH

GitLab EE <16.2.8-16.4.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.

References (1)

Core 1
Core References
Issue Tracking issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/415496

Scores

CVSS v3 8.1
EPSS 0.0001
EPSS Percentile 2.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-863
Status published
Products (5)
gitlab/gitlab 16.4.0
GitLab/GitLab 15.3 - 16.2.8
gitlab/gitlab 15.3.0 - 16.2.8
GitLab/GitLab 16.3 - 16.3.5
GitLab/GitLab 16.4 - 16.4.1
Published Nov 09, 2023
Tracked Since Feb 18, 2026