PT-2023-8248 · Gitlab · Gitlab Remote Development+1
Chad Woolley
·
Published
2023-12-19
·
Updated
2024-10-08
·
CVE-2023-6955
CVSS v3.1
6.6
Medium
| Vector | AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab Remote Development versions prior to 16.5.6
GitLab Remote Development version 16.6 prior to 16.6.4
GitLab Remote Development version 16.7 prior to 16.7.2
Description
The issue is related to improper access control in GitLab Remote Development, allowing an attacker to create a workspace in one group associated with an agent from another group. This can be exploited by a remote attacker to elevate their privileges.
Recommendations
For GitLab Remote Development versions prior to 16.5.6, update to version 16.5.6 or later.
For GitLab Remote Development version 16.6 prior to 16.6.4, update to version 16.6.4 or later.
For GitLab Remote Development version 16.7 prior to 16.7.2, update to version 16.7.2 or later.
Exploit
Fix
Improper Access Control
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gitlab
Gitlab Remote Development