CVE-2023-4630 MEDIUM

CVE-2023-4630: Missing Authorization in GitLab

Vendor Gitlab
Product GitLab
Weakness CWE-862 · Missing authorization
Published September 11, 2023
Last update June 2, 2026
View on NVD All CVEs

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.

Key dates

02Disclosure timeline

September 11, 2023 CVE published
June 2, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-41802 WordPress Super Socializer plugin <= 7.13.54 - Broken Access Control vulnerability CVE-2026-3351 Authorization Bypass in LXD GET /1.0/certificates Endpoint CVE-2026-4977 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter CVE-2025-59576 WordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control Vulnerability CVE-2025-49377 WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability