An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/425304 | Broken Link |
https://hackerone.com/reports/2147126 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
21 Sep 2023, 18:44
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab
Gitlab gitlab |
|
CWE | NVD-CWE-Other | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/425304 - Broken Link | |
References | (MISC) https://hackerone.com/reports/2147126 - Permissions Required | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
19 Sep 2023, 08:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-19 08:16
Updated : 2024-02-28 20:33
NVD link : CVE-2023-5009
Mitre link : CVE-2023-5009
CVE.ORG link : CVE-2023-5009
JSON object : View
Products Affected
gitlab
- gitlab
CWE