Lucene search

GitLabVULNRICHMENT:CVE-2023-4700

HistoryNov 06, 2023 - 5:30 p.m.

CVE-2023-4700 Improper Access Control in GitLab

2023-11-0617:30:35

CWE-284

GitLab

github.com

gitlab

access control

authorization

security vulnerability

cve-2023-4700

version 14.7

version 16.3.6

version 16.4.2

version 16.5.1

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

References

gitlab.com/gitlab-org/gitlab/-/issues/421937

hackerone.com/reports/2129826

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-4700