CVE-2023-6477

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/433463	Permissions Required
https://hackerone.com/reports/2270898	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.9.0::::enterprise:::

History

04 Mar 2024, 20:25

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:gitlab:gitlab:16.9.0::::enterprise::: cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/433463 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/433463 - Permissions Required
References	~~() https://hackerone.com/reports/2270898 -~~	() https://hackerone.com/reports/2270898 - Permissions Required
First Time		Gitlab Gitlab gitlab

22 Feb 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-22 00:15

Updated : 2024-03-04 20:25

NVD link : CVE-2023-6477

Mitre link : CVE-2023-6477

CVE.ORG link : CVE-2023-6477

JSON object : View

Products Affected

gitlab

gitlab

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

{"id": "CVE-2023-6477", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.2}]}, "published": "2024-02-22T00:15:51.533", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433463", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2270898", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 16.5 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Cuando a un usuario se le asigna una funci\u00f3n personalizada con permiso admin_group_member, es posible que pueda convertir un grupo, otros miembros o ellos mismos en propietarios de ese grupo, lo que puede llevar a una escalada de privilegios."}], "lastModified": "2024-03-04T20:25:04.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B2558C81-DADC-475C-A06B-DB9048CE85FC", "versionEndExcluding": "16.7.6", "versionStartIncluding": "16.5.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "BF18D8E8-7406-46F4-BDDD-CC743A5C4D80", "versionEndIncluding": "16.8.3", "versionStartIncluding": "16.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "1E374890-90FC-4DC5-8C0B-87CC99B4A4D7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}