CVE-2023-0485

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0485

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0485.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0485

Aliases

BIT-gitlab-2023-0485

Related

UBUNTU-CVE-2023-0485

Published

2023-05-03T21:15:16Z

Modified

2025-02-18T20:43:36Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

47f41a4a74f364c731aafd34a93bddb630f62230

Fixed

b46679ba4f4f80f63501a36d605e4691090384f4