CVE-2023-6955

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
References
Link Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/432188 Issue Tracking Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*

History

08 Oct 2024, 18:59

Type Values Removed Values Added
CWE CWE-668
References () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Issue Tracking, Vendor Advisory

03 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-863 CWE-862
Summary
Removed: (en) An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
Added: (en) A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

30 Aug 2024, 14:15

Type Values Removed Values Added
CWE CWE-284 CWE-863

18 Jan 2024, 21:16

Type Values Removed Values Added
CWE CWE-668
First Time Gitlab gitlab
Gitlab
References () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Broken Link
CPE cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

12 Jan 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-12 14:15

Updated : 2024-10-08 18:59


NVD link : CVE-2023-6955

Mitre link : CVE-2023-6955

CVE.ORG link : CVE-2023-6955



Products Affected

gitlab

  • gitlab
CWE
CWE-862

Missing Authorization