CVE-2023-5198 — Vulnetix

CVE-2023-5198 PUBLISHED

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.

EPSS 0.05% · 16.0th percentile

Risk Scores

EPSS Score

0.05%

16.0th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	0, 16.4.0, 16.3.0
Bitnami	gitlab	0, 16.3.0, 16.4.0

Timeline

Jan 21, 1970 Security Advisory
Sep 28, 2023 CVE Published
Sep 29, 2023 EPSS Score
Oct 31, 2023 EPSS Score
Dec 2, 2023 EPSS Score
Jan 2, 2024 EPSS Score
Feb 3, 2024 EPSS Score
Mar 6, 2024 EPSS Score
Apr 7, 2024 EPSS Score
May 9, 2024 EPSS Score
Jun 9, 2024 EPSS Score
Jul 11, 2024 EPSS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/416957 url
https://hackerone.com/reports/2041789 url
https://nvd.nist.gov/vuln/detail/CVE-2023-5198 url

Open in Interactive Console →