CVE-2023-6955
Missing Authorization in GitLab
Public Exploits: 0
Exploited in Wild: -
Descriptions
An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
SSVC
- Decision:-
Timeline
- 2023-12-19 CVE Reserved
- 2024-01-12 CVE Published
- 2024-01-19 EPSS Updated
- 2024-10-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-668: Exposure of Resource to Wrong Sphere
- CWE-862: Missing Authorization
References (1)
URL | Tag | Source |
---|---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/432188 | Broken Link |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gitlab | Gitlab | < 16.5.6 | community | Affected |
Gitlab | Gitlab | < 16.5.6 | enterprise | Affected |
Gitlab | Gitlab | >= 16.6.0 < 16.6.4 | community | Affected |
Gitlab | Gitlab | >= 16.6.0 < 16.6.4 | enterprise | Affected |
Gitlab | Gitlab | 16.7.0 | community | Affected |
Gitlab | Gitlab | 16.7.0 | enterprise | Affected |
Gitlab | Gitlab | 16.7.1 | community | Affected |
Gitlab | Gitlab | 16.7.1 | enterprise | Affected |