CVE-2023-4998

Name of the Vulnerable Software and Affected Versions GitLab versions 13.12 through 16.2.7 GitLab versions 16.3 through 16.3.4

Description A critical vulnerability in GitLab allows attackers to run pipelines as other users, potentially granting access to internal repositories and closed projects. This issue affects both GitLab Community Edition (CE) and Enterprise Edition (EE). Approximately 381,399 results are affected. The vulnerability can be exploited through the application of scheduled security scan policies, enabling an attacker to execute pipeline jobs in the context of another user.

Recommendations For GitLab versions 13.12 through 16.2.7, update to version 16.2.7 or later. For GitLab versions 16.3 through 16.3.4, update to version 16.3.4 or later. As a temporary workaround, consider restricting the use of scheduled security scan policies until a patch is applied.