CVE-2023-4002: 
GitLab vulnerability analysis and mitigation

An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies (GitLab Release).

The vulnerability stems from the securityPolicyProjectAssign mutation not properly authorizing its securityPolicyProjectId parameter. This security issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability was discovered internally by GitLab team member bauerdominic (GitLab Release).

The vulnerability allows EE-licensed users to access and view security policies from projects they shouldn't have access to by linking any security policy project by its ID to projects or groups they have access to. This could lead to unauthorized disclosure of sensitive security policy configurations (GitLab Release).

The vulnerability has been fixed in GitLab versions 16.0.8, 16.1.3, and 16.2.2. Users are strongly recommended to upgrade to one of these patched versions immediately. GitLab.com has already been updated to run the patched version (GitLab Release).