CVE-2023-5009
published 2023-09-19


Priority: P262
Severity: critical, CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.26% (94.2th percentile)
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.

Affected (5 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | | |
| gitlab | gitlab | | |
| gitlab | gitlab | >= 13.12 < 16.2.7 | 16.2.7 |
| gitlab | gitlab | >= 16.3 < 16.3.4 | 16.3.4 |
| gitlab | gitlab_ee | | |

Detection & IOCs (extracted from sources)

  • Vulnerability allows running pipeline jobs as an arbitrary user via scheduled security scan policies — monitor for pipeline executions triggered by security scan policies where the executing user identity differs from the policy owner or scheduled user.
  • Instances with both 'Direct transfers' and 'Security policies' features simultaneously enabled are confirmed vulnerable — detect this configuration state as a risk indicator.
  • Affected versions are GitLab EE (and CE) 13.12 through 16.2.6 and 16.3 through 16.3.3; fixed in 16.2.7 and 16.3.4. Versions before 16.2 have no direct patch available.
  • For instances on versions before 16.2 (no patch available), the recommended mitigation is to not have both 'Direct transfers' and 'Security policies' enabled at the same time.

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vendor_debian | | 8.2 | LOW | |