CVE-2023-3914

Summary

CVE-2023-3914 is a business logic error in GitLab EE, affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, which allows access to internal projects. The vulnerability occurs because a service account is not deleted when a namespace is deleted, thereby granting unauthorized access to internal projects. This vulnerability poses a medium risk with a base severity rating of 5.4 and an exploitability score of 2.8. The privileges required for exploitation are low and there is no user interaction required, making it accessible over the network. The impact on integrity and confidentiality is low, and the attack complexity is also low. To remediate the vulnerability, users should update GitLab EE to version 16.2.8, 16.3.5, or 16.4.1 or later versions that address the issue. Note: The analysis_description field provided no information in this case, so it was excluded from the report as per the instructions given in the prompt statement.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.