CVE-2023-2589

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-2589
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-2589.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-2589
Aliases
Published
2023-06-07T17:15:10Z
Modified
2024-10-12T11:12:02.812755Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
280a09dbca836a6eedf5da1e63953fe8da44bf4c
Fixed
a1daac1686c9dad556b2fa9324f107fb72eae066

Affected versions

v16.*

v16.0.0-ee
v16.0.1-ee