PT-2023-8248 · Gitlab · Gitlab Remote Development+1

Chad Woolley

Publicado

2023-12-19

Atualizado

2024-10-08

CVE-2023-6955

CVSS v3.1

6.6

Média

Vetor

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions GitLab Remote Development versions prior to 16.5.6 GitLab Remote Development version 16.6 prior to 16.6.4 GitLab Remote Development version 16.7 prior to 16.7.2

Description The issue is related to improper access control in GitLab Remote Development, allowing an attacker to create a workspace in one group associated with an agent from another group. This can be exploited by a remote attacker to elevate their privileges.

Recommendations For GitLab Remote Development versions prior to 16.5.6, update to version 16.5.6 or later. For GitLab Remote Development version 16.6 prior to 16.6.4, update to version 16.6.4 or later. For GitLab Remote Development version 16.7 prior to 16.7.2, update to version 16.7.2 or later.

Exploit

Correção

Improper Access Control

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-264CWE-862

Identificadores relacionados

BDU:2024-00285

BIT-GITLAB-2023-6955

CVE-2023-6955

Produtos afetados

Gitlab

Gitlab Remote Development

PT-2023-8248 · Gitlab · Gitlab Remote Development+1

CVE-2023-6955

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 22