CVE-2023-4700

Summary

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab14.7 < 16.3.6affected
GitLabGitLab16.4.0 < 16.4.2affected
GitLabGitLab16.5.0 < 16.5.1affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References