cve/2023/CVE-2023-3920.md

### [CVE-2023-3920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3920)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=11.2%3C%2016.2.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%3A%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen)

### Description

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation.

### POC

#### Reference
- https://gitlab.com/gitlab-org/gitlab/-/issues/417481

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-3920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3920)`
			`![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=11.2%3C%2016.2.8%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%3A%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen)`

			`### Description`

			`An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation.`

			`### POC`

			`#### Reference`
			`- https://gitlab.com/gitlab-org/gitlab/-/issues/417481`

			`#### Github`
			`No PoCs found on GitHub currently.`