How severe is CVE-2023-4008?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-4008?

This is classified as CWE-708, which is a common weakness in software security.

CVE-2023-4008 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.

Related Vulnerabilities

CVE-2021-32726

CRITICAL

CVSS:9.8(Critical)

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused ...

CWE-7082021

CVE-2021-32726

CRITICAL

CVSS:9.8(Critical)

CWE-7082021

CVE-2022-33737

HIGH

CVSS:7.5(High)

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password

CWE-7082022

CVE-2024-9633

HIGH

CVSS:7.5(High)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This...

CWE-7082024

CVE-2023-20044

HIGH

CVSS:7.3(High)

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit t...

CWE-7082023

CVE-2023-20043

MEDIUM

CVSS:6.7(Medium)

CWE-7082023