CVE-2023-4700 Improper Access Control in GitLab

2023-11-0617:30:35

CWE-284

GitLab

www.cve.org

cve-2023-4700

gitlab

access control

authorization

protected environments

vulnerability

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "vendor": "GitLab",
    "versions": [
      {
        "lessThan": "16.3.6",
        "status": "affected",
        "version": "14.7",
        "versionType": "semver"
      },
      {
        "lessThan": "16.4.2",
        "status": "affected",
        "version": "16.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "16.5.1",
        "status": "affected",
        "version": "16.5.0",
        "versionType": "semver"
      }
    ]
  }
]