CVE-2023-5106
8.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Summary
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GitLab | GitLab | 13.12 < 16.2.8 | affected |
| GitLab | GitLab | 16.3.0 < 16.3.5 | affected |
| GitLab | GitLab | 16.4.0 < 16.4.1 | affected |
Weaknesses
- CWE-863: CWE-863: Incorrect Authorization
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3
- https://gitlab.com/gitlab-org/security/gitlab/-/issues/980
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.