CVE-2023-4700

2023-11-0618:15:08

CWE-284

GitLab

web.nvd.nist.gov

232

gitlab

cve

authorization issue

security

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

Affected configurations

Nvd

Vulners

Node

gitlabgitlabRange14.7.0–16.3.6enterprise

gitlabgitlabRange16.4.0–16.4.2enterprise

gitlabgitlabMatch16.5.0enterprise

VendorProductVersionCPE
gitlabgitlab16.5.0cpe:/a:gitlab:gitlab:16.5.0::enterprise:

Vendor	Product	Version	CPE
gitlab	gitlab	16.5.0	cpe:/a:gitlab:gitlab:16.5.0::enterprise:

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "vendor": "GitLab",
    "versions": [
      {
        "lessThan": "16.3.6",
        "status": "affected",
        "version": "14.7",
        "versionType": "semver"
      },
      {
        "lessThan": "16.4.2",
        "status": "affected",
        "version": "16.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "16.5.1",
        "status": "affected",
        "version": "16.5.0",
        "versionType": "semver"
      }
    ]
  }
]