CVE-2023-3509

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-3509

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3509.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3509

Aliases

BIT-gitlab-2023-3509

Downstream

UBUNTU-CVE-2023-3509

Published

2024-02-21T22:57:15.488Z

Modified

2026-04-10T04:59:46.541688Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Incorrect Authorization in GitLab

Details

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated with projects in the group.

Database specific

{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3509.json",
    "cwe_ids": [
        "CWE-863"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

Fixed

c8f3448a2f0cfb3c812fc4619e0f16bc3feb133b

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "16.7.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

1e912d57d5a8f1135f4d41e25469069790134d41

Fixed

39213e8fab4a70aa7cf64bb1c75012bb11fd7b15

Database specific

{
    "versions": [
        {
            "introduced": "16.8"
        },
        {
            "fixed": "16.8.3"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

76326ae8b898b38c8217ad037ed7122be00e62f0

Fixed

cc62007c12dc634c7442a9b1dc94508e50e5dba5

Database specific

{
    "versions": [
        {
            "introduced": "16.9"
        },
        {
            "fixed": "16.9.1"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v1.*

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v16.*

v16.7.0-ee

v16.7.0-rc42-ee

v16.7.0-rc43-ee

v16.7.0-rc44-ee

v16.7.3-ee

v16.8.0-ee

v16.9.0-ee

v16.9.0-rc44-ee

v2.*

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.5.0-ee

v6.6.0-ee

v6.7.0-ee

v6.7.0.rc1-ee

v6.8.0-ee

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3509.json"