CVE-2023-5207

Summary

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab16.4 < 16.4.1affected
GitLabGitLab16.3 < 16.3.5affected
GitLabGitLab16.0.0 < 16.2.8affected

Weaknesses

  • CWE-250: CWE-250: Execution with Unnecessary Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References