CVE-2023-5207

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*

History

03 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-284 CWE-250

04 Oct 2023, 01:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE NVD-CWE-noinfo
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/425857 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/425857 - Broken Link
References (MISC) https://hackerone.com/reports/2174141 - (MISC) https://hackerone.com/reports/2174141 - Permissions Required
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/425604 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/425604 - Broken Link
CPE cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
First Time Gitlab
Gitlab gitlab

30 Sep 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-30 09:15

Updated : 2024-10-03 07:15


NVD link : CVE-2023-5207

Mitre link : CVE-2023-5207

CVE.ORG link : CVE-2023-5207


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-noinfo CWE-250

Execution with Unnecessary Privileges