Sep 28, 2023 - Félix Veillette-Potvin  

GitLab Security Release: 16.4.1, 16.3.5, and 16.2.8


Today we are releasing versions 16.4.1, 16.3.5, and 16.2.8 for GitLab Community Edition (CE) and Enterprise Edition (EE).

These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version.

GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases: a monthly, scheduled security release, released a week after the feature release (which deploys on the 22nd of each month), and ad-hoc security releases for critical vulnerabilities. For more information, you can visit our security FAQ. You can see all of our regular and security release blog posts here. In addition, the issues detailing each vulnerability are made public on our issue tracker 30 days after the release in which they were patched.

We are dedicated to ensuring all aspects of GitLab that are exposed to customers or that host customer data are held to the highest security standards. As part of maintaining good security hygiene, it is highly recommended that all customers upgrade to the latest security release for their supported version. You can read more best practices in securing your GitLab instance in our blog post.

We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.

When no specific deployment type (Omnibus, source code, Helm chart, etc.) of a product is mentioned, all deployment types are affected.
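As an added check that is not GitLab's own tooling, the script below encodes the affected-version rule of this release (16.4.x needs 16.4.1, 16.3.x needs 16.3.5, anything older needs 16.2.8) and lets an operator test the version string an instance reports against it, including the introducing version of an individual issue. It assumes the MAJOR.MINOR.PATCH[-ee] format that GitLab's /api/v4/version endpoint returns; the sample fleet at the bottom is constructed.

```python
import re

# Patched releases announced in this advisory (one per affected minor series).
FIXED_VERSIONS = ("16.2.8", "16.3.5", "16.4.1")

# MAJOR.MINOR[.PATCH][-suffix]; '-ee' is the suffix /api/v4/version reports on EE.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-[\w.]+)?")

def parse_version(version: str) -> tuple[int, int, int]:
    """Turn '16.3.4', '16.3.4-ee' or a series prefix like '16.0' into a tuple.
    A missing patch number is treated as .0, the start of that series."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def is_patched(version: str) -> bool:
    """True if `version` already carries this release's fixes."""
    v = parse_version(version)
    fixes = sorted(parse_version(f) for f in FIXED_VERSIONS)
    for fix in fixes:
        if v[:2] == fix[:2]:  # same minor series: compare the patch level
            return v >= fix
    # Outside the three patched series: later series (16.5+) ship with the
    # fixes; earlier ones (16.1 and below) have no patched release at all.
    return v[:2] > fixes[-1][:2]

def affected(version: str, introduced: str) -> bool:
    """True if `version` lies in the window for an issue first present in
    `introduced` (e.g. '13.12' for CVE-2023-5106) and is not yet patched."""
    return parse_version(version) >= parse_version(introduced) and not is_patched(version)

def check_fleet(instances: dict[str, str]) -> dict[str, bool]:
    """Map instance name -> needs-upgrade for a fleet of reported versions."""
    return {name: not is_patched(ver) for name, ver in instances.items()}

if __name__ == "__main__":
    # Constructed sample fleet; host names and versions are illustrative only.
    fleet = {"ci-prod": "16.4.0-ee", "ci-staging": "16.3.5", "legacy": "16.1.4"}
    for name, needs_upgrade in check_fleet(fleet).items():
        print(f"{name}: {'UPGRADE' if needs_upgrade else 'ok'}")
```

Instances on a minor series older than 16.2 are reported as needing an upgrade, since no patched release exists for those series.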

Table of Fixes

Title | Severity
Attacker can add other projects' policy bot as member to their own project and use that bot to trigger pipelines in victim's project | high
Group import allows impersonation of users in CI pipelines | high
Developers can bypass code owners approval by changing a MR's base branch | high
Leaking source code of restricted project through a fork | medium
Third party library Consul requires enable-script-checks to be False to enable patch | medium
Service account not deleted when namespace is deleted allowing access to internal projects | medium
Enforce SSO settings bypassed for public projects for Members without identity | medium
Removed project member can write to protected branches | medium
Unauthorised association of CI jobs for Machine Learning experiments | medium
Force pipelines to not have access to protected variables and will likely fail using tags | medium
Maintainer can create a fork relationship between existing projects | medium
Disclosure of masked CI variables via processing CI/CD configuration of forks | medium
Asset Proxy Bypass using non-ASCII character in asset URI | low
Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches | low
Removed Developer can continue editing the source code of a public project | low
A project reporter can leak owner's Sentry instance projects | low
Math rendering in markdown can escape container and hijack clicks | low

Attacker can add other projects' policy bot as member to their own project and use that bot to trigger pipelines in victim's project

A vulnerability was discovered in GitLab CE and EE affecting all versions starting from 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. This is a high severity issue (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N, 8.2). It is now mitigated in the latest release and is assigned CVE-2023-5207.

Thanks joaxcar for reporting this vulnerability through our HackerOne bug bounty program.

Group import allows impersonation of users in CI pipelines

Two issues have been discovered in Ultimate-licensed GitLab EE affecting all versions starting from 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports. These are high severity issues (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N, 8.2). They are now mitigated in the latest release and are assigned CVE-2023-5106.

These issues have been discovered internally by GitLab team member Joern Schneeweisz.

Developers can bypass code owners approval by changing a MR's base branch

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. This is a high severity issue (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N, 8.1). It is now mitigated in the latest release and is assigned CVE-2023-4379.

This issue was reported by a customer.

Leaking source code of restricted project through a fork

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for an unauthorised user to fork a public project. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, 6.5). It is now mitigated in the latest release and is assigned CVE-2023-3413.

Thanks shells3c for reporting this vulnerability through our HackerOne bug bounty program.

Third party library Consul requires enable-script-checks to be False to enable patch

A patch in the third-party library Consul requires 'enable-script-checks' to be set to False. This only affects GitLab EE. This is a medium severity issue (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N, 5.9). It is now mitigated in the latest release and is assigned CVE-2023-5332.

This issue was reported by a customer.

Service account not deleted when namespace is deleted allowing access to internal projects

A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects: a service account is not deleted when its namespace is deleted, so the account retains access to internal projects. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, 5.4). It is now mitigated in the latest release and is assigned CVE-2023-3914.

Thanks joaxcar for reporting this vulnerability through our HackerOne bug bounty program.

Enforce SSO settings bypassed for public projects for Members without identity

An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign-On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, 5.4). It is now mitigated in the latest release and is assigned CVE-2023-3115.

Thanks theluci for reporting this vulnerability through our HackerOne bug bounty program.

Removed project member can write to protected branches

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, 4.3). It is now mitigated in the latest release and is assigned CVE-2023-5198.

Thanks theluci for reporting this vulnerability through our HackerOne bug bounty program.

Unauthorised association of CI jobs for Machine Learning experiments

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. Users were able to link CI/CD jobs of private projects of which they are not a member. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, 4.3). It is now mitigated in the latest release and is assigned CVE-2023-4532.

Thanks ricardobrito for reporting this vulnerability through our HackerOne bug bounty program.

Force pipelines to not have access to protected variables and will likely fail using tags

A denial-of-service issue in pipelines, affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allows an attacker to cause pipelines to fail. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, 4.3). It is now mitigated in the latest release and is assigned CVE-2023-3917.

Thanks js_noob for reporting this vulnerability through our HackerOne bug bounty program.

Maintainer can create a fork relationship between existing projects

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects, contrary to the documentation. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, 4.3). It is now mitigated in the latest release and is assigned CVE-2023-3920.

Thanks theluci for reporting this vulnerability through our HackerOne bug bounty program.

Disclosure of masked CI variables via processing CI/CD configuration of forks

An information disclosure issue in GitLab CE/EE affecting all versions from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user into visiting a fork with a malicious CI/CD configuration. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, 4.3). It is now mitigated in the latest release and is assigned CVE-2023-0989.

Thanks shells3c for reporting this vulnerability through our HackerOne bug bounty program.

Asset Proxy Bypass using non-ASCII character in asset URI

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image URLs that bypass the asset proxy. This is a low severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N, 3.5). It is now mitigated in the latest release and is assigned CVE-2023-3906.

Thanks afewgoats for reporting this vulnerability through our HackerOne bug bounty program.

Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches

An issue has been discovered in GitLab EE affecting all versions starting from X.Y before 16.X, all versions starting from 16.X before 16.X. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted the permission through a group. This is a low severity issue (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N, 3.1). It is now mitigated in the latest release and is assigned CVE-2023-4658.

Thanks theluci for reporting this vulnerability through our HackerOne bug bounty program.

Removed Developer can continue editing the source code of a public project

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for upstream members allowed to collaborate with you on your branch to get permission to write to the merge request's source branch. This is a low severity issue (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N, 3.1). It is now mitigated in the latest release and is assigned CVE-2023-3979.

Thanks theluci for reporting this vulnerability through our HackerOne bug bounty program.

A project reporter can leak owner's Sentry instance projects

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4.0 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects. This is a low severity issue (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N, 3.1). It is now mitigated in the latest release and is assigned CVE-2023-2233.

Thanks js_noob for reporting this vulnerability through our HackerOne bug bounty program.

Math rendering in markdown can escape container and hijack clicks

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. This is a low severity issue (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L, 3.0). It is now mitigated in the latest release and is assigned CVE-2023-3922.

Thanks ammar2 for reporting this vulnerability through our HackerOne bug bounty program.

Update Exiftool

Exiftool has been updated to version 1.12 in order to mitigate security issues.

Update Mattermost

Mattermost has been updated to version 8.1.2 in order to mitigate security issues.

Update Auto deploy image

Auto deploy image has been updated to version 2.55.0 in order to mitigate security issues.

Non Security Patches

16.3.5

Updating

To update GitLab, see the Update page. To update GitLab Runner, see the Updating the Runner page.

Receive Security Release Notifications

To receive security release blog notifications delivered to your inbox, visit our contact us page. To receive release notifications via RSS, subscribe to our security release RSS feed or our RSS feed for all releases.
