Home > Vulnerability Database > CVE-2023-2022

Mend.io Vulnerability Database

CVE-2023-2022

Good to know:

Date: August 2, 2023

An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge

Language: Ruby

Severity Score

4.3

Related Resources (4)

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/407166

Url: https://hackerone.com/reports/1936572

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2022

Url: https://www.mend.io/vulnerability-database/CVE-2023-2022

Severity Score

4.3

Top Fix

Upgrade Version

Upgrade to version v16.0.8,v16.1.3,v16.2.2

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-2022

Good to know:

Date: August 2, 2023

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?