CVE-2023-6477
Incorrect Privilege Assignment in GitLab
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.
Se descubriĆ³ un problema en GitLab EE que afecta a todas las versiones desde 16.5 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Cuando a un usuario se le asigna una funciĆ³n personalizada con permiso admin_group_member, es posible que pueda convertir un grupo, otros miembros o ellos mismos en propietarios de ese grupo, lo que puede llevar a una escalada de privilegios.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-12-04 CVE Reserved
- 2024-02-21 CVE Published
- 2024-03-05 EPSS Updated
- 2024-10-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-266: Incorrect Privilege Assignment
- CWE-269: Improper Privilege Management
CAPEC
References (0)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 16.5.0 < 16.7.6 Search vendor "Gitlab" for product "Gitlab" and version " >= 16.5.0 < 16.7.6" | enterprise |
Affected
| ||||||
Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 16.8.0 <= 16.8.3 Search vendor "Gitlab" for product "Gitlab" and version " >= 16.8.0 <= 16.8.3" | enterprise |
Affected
| ||||||
Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | 16.9.0 Search vendor "Gitlab" for product "Gitlab" and version "16.9.0" | enterprise |
Affected
|