A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/425604 | Broken Link |
https://gitlab.com/gitlab-org/gitlab/-/issues/425857 | Broken Link |
https://hackerone.com/reports/2174141 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-250 |
04 Oct 2023, 01:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | NVD-CWE-noinfo | |
First Time |
Gitlab
Gitlab gitlab |
|
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/425857 - Broken Link | |
References | (MISC) https://hackerone.com/reports/2174141 - Permissions Required | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/425604 - Broken Link | |
CPE | cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
30 Sep 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-30 09:15
Updated : 2024-10-03 07:15
NVD link : CVE-2023-5207
Mitre link : CVE-2023-5207
CVE.ORG link : CVE-2023-5207
JSON object : View
Products Affected
gitlab
- gitlab
CWE