CVE-2023-3914

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 29, 2023
Updated: Oct 3, 2023
CWE ID 840

Summary

CVE-2023-3914 is a business logic error in GitLab EE, affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, which allows access to internal projects. The vulnerability occurs because a service account is not deleted when a namespace is deleted, thereby granting unauthorized access to internal projects. This vulnerability poses a medium risk with a base severity rating of 5.4 and an exploitability score of 2.8. The privileges required for exploitation are low and there is no user interaction required, making it accessible over the network. The impact on integrity and confidentiality is low, and the attack complexity is also low. To remediate the vulnerability, users should update GitLab EE to version 16.2.8, 16.3.5, or 16.4.1 or later versions that address the issue. Note: The analysis_description field provided no information in this case, so it was excluded from the report as per the instructions given in the prompt statement.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-3914 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options