PT-2023-5661 · GitLab · GitLab CE/EE
Published 2023-09-30 · Updated 2024-10-03
CVE-2023-5207
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
GitLab CE and EE versions 16.0 through 16.2.7
GitLab CE and EE versions 16.3 through 16.3.4
GitLab CE and EE versions 16.4 through 16.4.0
Description
A vulnerability was discovered in GitLab CE and EE, affecting the access control mechanism. It allows an authenticated attacker to execute arbitrary pipelines in the context of another user. The vulnerability stems from insufficient access control, which a remote attacker can exploit to execute arbitrary code.
Recommendations
For GitLab CE and EE versions 16.0 through 16.2.7, update to version 16.2.8 or later.
For GitLab CE and EE versions 16.3 through 16.3.4, update to version 16.3.5 or later.
For GitLab CE and EE versions 16.4 through 16.4.0, update to version 16.4.1 or later.
Exploit
Fix
Improper Access Control
Related Identifiers
Affected Products
GitLab
GitLab CE/EE