A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/432188 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Oct 2024, 18:59
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Issue Tracking, Vendor Advisory |
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
Summary | (en) A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. |
30 Aug 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 |
18 Jan 2024, 21:16
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-668 | |
First Time |
Gitlab gitlab
Gitlab |
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Broken Link | |
CPE | cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
12 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 14:15
Updated : 2024-10-08 18:59
NVD link : CVE-2023-6955
Mitre link : CVE-2023-6955
CVE.ORG link : CVE-2023-6955
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-862
Missing Authorization