CVE-2023-3511: 
GitLab vulnerability analysis and mitigation

A vulnerability (CVE-2023-3511) was discovered in GitLab Enterprise Edition (EE) affecting all versions from 8.17 before 16.4.4, versions from 16.5 before 16.5.4, and versions from 16.6 before 16.6.2. The vulnerability allows auditor users to fork and submit merge requests to private projects they're not members of, which contradicts the intended read-only access limitation for auditors (GitLab Security, NVD).

The vulnerability is related to improper authorization controls in GitLab's merge request functionality. It has been assigned a CVSS v3.1 base score of 2.0 (LOW) by GitLab Inc. with the vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N, while the NVD assessment rates it at 3.5 (LOW) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N. The vulnerability specifically affects the auditor role's permissions, allowing them to bypass intended access restrictions (NVD).

The vulnerability allows auditor users to perform actions beyond their intended read-only access permissions. Specifically, they can fork private projects and create merge requests to projects they shouldn't have write access to, potentially impacting project security boundaries and access control mechanisms (GitLab Security).

The vulnerability has been fixed in GitLab versions 16.4.4, 16.5.4, and 16.6.2. Organizations running affected versions should upgrade to one of these patched versions immediately. GitLab.com has already been updated with the patched version (GitLab Security).

The vulnerability was reported through GitLab's bug bounty program on HackerOne by researcher js_noob. GitLab has classified this as a low-severity security issue and addressed it as part of their regular security release cycle (GitLab Security).