QID 379587
QID 379587: GitLab Multiple Vulnerabilities (prior to GitLab 16.3.1, 16.2.5, 16.1.5)
GitLab Inc. is an open-core company that operates GitLab, a DevOps software package used to develop, secure, and operate software.
CVE-2023-3915: Privilege escalation of "external user" to internal access through group service account
CVE-2022-4365: Maintainer can leak sentry token by changing the configured URL (fix bypass)
CVE-2023-4378: Information disclosure via project import endpoint
CVE-2023-3950: Project forking outside current group
CVE-2023-4630: User is capable of creating Model experiment and updating existing run's status in public project
CVE-2022-4343: ReDoS in bulk import API
CVE-2023-4638: Pagination for Branches and Tags can be skipped leading to DoS
CVE-2023-4018: Internal Open Redirection Due to Improper handling of "../" characters
CVE-2023-3205: Subgroup Member With Reporter Role Can Edit Group Labels
CVE-2023-4647: Banned user can delete package registries
Affected Versions:
16.3.0, 16.2.0, 16.2.1, 16.2.2, 16.2.3, 16.2.4, 16.1.0, 16.1.1, 16.1.2, 16.1.3, 16.1.4, and below
QID Detection Logic (Authenticated) (Linux):
The QID reads /opt/gitlab/version-manifest.txt and compares the installed GitLab version against the affected versions listed above.
Successful exploitation of these vulnerabilities may lead to:
- Privilege escalation of "external user" to internal access through group service account
- Maintainer can leak sentry token by changing the configured URL (fix bypass)
- Information disclosure via project import endpoint
- Project forking outside current group
- User is capable of creating Model experiment and updating existing run's status in public project
- ReDoS in bulk import API
- Pagination for Branches and Tags can be skipped leading to DoS
- Internal Open Redirection Due to Improper handling of "../" characters
- Subgroup Member With Reporter Role Can Edit Group Labels
- Banned user can delete package registries
Customers are advised to upgrade to the fixed release for their branch: GitLab Security Release: 16.3.1, 16.2.5, and 16.1.5 (about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/)
CVEs related to QID 379587
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GitLab Security Release: 16.3.1, 16.2.5, and 16.1.5 | GitLab | | about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/ |