A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/432188 | Issue Tracking Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/432188 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:44
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.6 |
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Issue Tracking, Vendor Advisory |
08 Oct 2024, 18:59
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Issue Tracking, Vendor Advisory |
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
Summary | (en) A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. |
30 Aug 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 |
18 Jan 2024, 21:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:* |
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Broken Link | |
First Time |
Gitlab gitlab
Gitlab |
|
CWE | CWE-668 |
12 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 14:15
Updated : 2024-11-21 08:44
NVD link : CVE-2023-6955
Mitre link : CVE-2023-6955
CVE.ORG link : CVE-2023-6955
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-862
Missing Authorization