CVE-2023-4379
Incorrect Authorization in GitLab
7.5
HIGH
CVSS 3.1
EPSS 0.01%
Description
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.
How to fix CVE-2023-4379
To remediate CVE-2023-4379, upgrade the affected package to a fixed version below.
- Bitnami/gitlab—upgrade to 16.2.8 or later
Is CVE-2023-4379 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 15.3.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |