CVE-2023-6564

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-6564
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6564.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-6564
Aliases
Downstream
Published
2024-02-08T11:30:52.438Z
Modified
2026-04-10T05:07:39.854764Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Incorrect Authorization in GitLab
Details

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6564.json",
    "cwe_ids": [
        "CWE-863"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7de773390b4ddc765d102467a62e607aa9cfe1aa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8583797ef98a5141565e83105e55b0b124e60aaa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9aa991a5ee9f61bd890d5c9cbf57c665ff115e70
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.4.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.5.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.6.1"
        }
    ]
}

Affected versions

Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v1.*
v1.2.0
v1.2.0pre
v1.2.1
v1.2.2
v16.*
v16.4.0-ee
v16.4.0-rc42-ee
v16.4.0-rc43-ee
v16.4.3-ee
v16.5.0-ee
v16.5.0-rc42-ee
v16.5.0-rc43-ee
v16.5.2-ee
v16.5.3-ee
v16.6.0-ee
v16.6.0-rc42-ee
v16.6.0-rc43-ee
v16.6.0-rc44-ee
v16.6.1-ee
v2.*
v2.3.0
v2.3.0pre
v2.3.1
v2.4.0
v2.4.0pre
v2.4.1
v2.5.0
v2.6.0
v2.6.0pre
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.0pre
v2.8.0
v2.8.0pre
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v4.*
v4.0.0
v4.0.0rc1
v4.0.0rc2
v5.*
v5.0.0
v5.1.0
v5.2.0
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.5.0-ee
v6.6.0-ee
v6.7.0-ee
v6.7.0.rc1-ee
v6.8.0-ee
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6564.json"