Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-6477

Опубликовано: 22 фев. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.7

Описание

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

ignored

not maintainable
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

trusty

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 1%
0.00009
Низкий

6.7 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-6477

CVSS3: 6.7
nvd
больше 1 года назад

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.

debian логотип

CVE-2023-6477

CVSS3: 6.7
debian
больше 1 года назад

An issue has been discovered in GitLab EE affecting all versions start ...

github логотип

GHSA-x645-349v-xwm6

CVSS3: 6.7
github
больше 1 года назад

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.

fstec логотип

BDU:2024-01631

CVSS3: 6.7
fstec
больше 1 года назад

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 1%
0.00009
Низкий

6.7 Medium

CVSS3