CVE-2023-6955

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6955
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/432188 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*
History

08 Oct 2024, 18:59

Type Values Removed Values Added
CWE CWE-668
References () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Issue Tracking, Vendor Advisory

03 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-863 CWE-862
Summary (en) An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. (en) A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

30 Aug 2024, 14:15

Type Values Removed Values Added
CWE CWE-284 CWE-863

18 Jan 2024, 21:16

Type Values Removed Values Added
CWE CWE-668
First Time Gitlab gitlab
Gitlab
References () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - () https://gitlab.com/gitlab-org/gitlab/-/issues/432188 - Broken Link
CPE cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

12 Jan 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-12 14:15

Updated : 2024-10-08 18:59

NVD link : CVE-2023-6955

Mitre link : CVE-2023-6955

CVE.ORG link : CVE-2023-6955

JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-862

Missing Authorization


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024