Unrated severity · NVD Advisory · Published Sep 11, 2023 · Updated Apr 21, 2026
Missing Authorization in GitLab
CVE-2023-4630
Description
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 10.6)
- (no CPE) (range: >=10.6, <16.1.5; >=16.2, <16.2.5; >=16.3, <16.3.1)
Patches
Vulnerability mechanics
References
- gitlab.com/gitlab-org/gitlab/-/issues/415117 (mitre, issue-tracking, permissions-required)
News mentions
- GitLab Security Release: 16.3.1, 16.2.5, and 16.1.5 · GitLab Security Releases · Aug 31, 2023