admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-3964.md
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

18 lines
867 B
Markdown
Raw Blame History

### [CVE-2023-3964](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3964)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=13.2%3C%2016.4.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)
### Description
An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.
### POC
#### Reference
- https://gitlab.com/gitlab-org/gitlab/-/issues/419857
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue View Git Blame Copy Permalink