VYPR
Unrated severity · NVD Advisory · Published Sep 1, 2023 · Updated Apr 27, 2026

Direct Request ('Forced Browsing') in GitLab

CVE-2023-4018

Description

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5 and all versions starting from 16.3 before 16.3.1. Due to improper permission validation, it was possible to create model experiments in public projects.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* range: 16.2
    • (no CPE) range: >=16.2, <16.2.5 || >=16.3, <16.3.1
  • osv-coords
    Range: >= 16.2.0, < 16.2.5

References

2

News mentions

1