CVE-2023-3509

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-3509
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3509.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-3509
Aliases
Related
Published
2024-02-21T23:15:08Z
Modified
2025-01-14T12:08:32.123182Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated with projects in the group.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
1e912d57d5a8f1135f4d41e25469069790134d41
Last affected
39213e8fab4a70aa7cf64bb1c75012bb11fd7b15
Last affected
76326ae8b898b38c8217ad037ed7122be00e62f0
Last affected
c8f3448a2f0cfb3c812fc4619e0f16bc3feb133b

Affected versions

v16.*

v16.8.0-ee
v16.8.1-ee
v16.8.2-ee
v16.8.3-ee