CVE-2023-2022 — Vulnetix

CVE-2023-2022 PUBLISHED

An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge

EPSS 0.12% · 31.2th percentile

Risk Scores

EPSS Score

0.12%

31.2th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	0, 16.1.0, 16.2.0
Bitnami	gitlab	0, 16.1.0, 16.2.0

Timeline

Aug 1, 2023 CVE Published
Aug 2, 2023 CVE Updated
Aug 3, 2023 EPSS Score
Sep 6, 2023 EPSS Score
Oct 10, 2023 EPSS Score
Nov 12, 2023 EPSS Score
Dec 16, 2023 EPSS Score
Jan 19, 2024 EPSS Score
Feb 22, 2024 EPSS Score
Mar 26, 2024 EPSS Score
Apr 29, 2024 EPSS Score
Jun 2, 2024 EPSS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/407166 url
https://hackerone.com/reports/1936572 url
https://nvd.nist.gov/vuln/detail/CVE-2023-2022 url

Open in Interactive Console →