PT-2023-5661 · Gitlab · Gitlab Ce/Ee+1

Published: 2023-09-30 · Updated: 2024-10-03 · CVE-2023-5207

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GitLab CE and EE versions 16.0 through 16.2.7
GitLab CE and EE versions 16.3 through 16.3.4
GitLab CE and EE versions 16.4 through 16.4.0

Description

A vulnerability was discovered in GitLab CE and EE, affecting the access control mechanism. This issue allows an authenticated attacker to perform arbitrary pipeline execution under the context of another user. The vulnerability is related to insufficient access control, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For GitLab CE and EE versions 16.0 through 16.2.7, update to version 16.2.8 or later.
For GitLab CE and EE versions 16.3 through 16.3.4, update to version 16.3.5 or later.
For GitLab CE and EE versions 16.4 through 16.4.0, update to version 16.4.1 or later.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2023-06328
BIT-GITLAB-2023-5207
CVE-2023-5207

Affected Products

Gitlab
Gitlab Ce/Ee