CVE-2023-2589

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jun 7, 2023
Updated: Jan 7, 2025
CWE ID 346

Summary

CVE-2023-2589 is a vulnerability affecting GitLab Enterprise Edition (EE) in all versions from 12.0 before 15.10.8, from 15.11 before 15.11.7, and from 16.0 before 16.0.2. It allows an unauthorized user connecting from a disallowed IP address to clone a repository from a public project, bypassing the IP restrictions set by the top-level group. This could lead to exposure of sensitive data, since an attacker can use the flaw to gain unauthorized access to the repository and its contents. GitLab strongly advises users to upgrade to the latest patched version as soon as possible to mitigate this risk.
