CVE-2023-4812
PUBLISHED
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, and all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.
Risk Scores
EPSS Score: 0.01% (1.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 15.3.0, 16.6.0, 16.7.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-4812 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-4812 (circl-sighting)
- GitLab Issue #424398 (circl)
- https://hackerone.com/reports/2115574 (osv)
Timeline
- Jan 11, 2024 CVE Published
- Jan 12, 2024 PoC Published
- Jan 15, 2024 PoC Published
- Jan 17, 2024 EPSS Score
- Feb 2, 2024 PoC Published
- Feb 14, 2024 EPSS Score
- Mar 13, 2024 EPSS Score
- Apr 10, 2024 EPSS Score
- May 8, 2024 EPSS Score
- Jun 5, 2024 EPSS Score