CVE-2023-5009
Published 2023-09-19
Priority P2 · 62 · Critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.26% (94.2nd percentile)
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 13.12 < 16.2.7 | 16.2.7 |
| gitlab | gitlab | >= 16.3 < 16.3.4 | 16.3.4 |
| gitlab | gitlab_ee | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability allows running pipeline jobs as an arbitrary user via scheduled security scan policies; monitor for pipeline executions triggered by security scan policies where the executing user identity differs from the policy owner or scheduled user.
- Instances with both 'Direct transfers' and 'Security policies' features simultaneously enabled are confirmed vulnerable; detect this configuration state as a risk indicator.
- Affected versions are GitLab EE (and CE) 13.12 through 16.2.6 and 16.3 through 16.3.3; fixed in 16.2.7 and 16.3.4. Versions before 16.2 have no direct patch available.
- For instances on versions before 16.2 (no patch available), the recommended mitigation is to not have both 'Direct transfers' and 'Security policies' enabled at the same time.
CVSS provenance
- nvd (v3.1): 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vendor_debian: 8.2 LOW
GitLab
vendor_gitlab · 2023-09-19 · CVSS 8.2 · HIGH · CWE-863
Debian
vendor_debian · 2023 · CVSS 8.2 · HIGH
Scope: local
sid: resolved
GHSA
GHSA-g4c2-hhjc-4hgg · ghsa_unreviewed · 2023-09-19 · CVSS 8.2 · HIGH · CWE-284
No detection rules found.
No public exploits indexed.
Bleepingcomputer
blogs_bleepingcomputer · 2024-09-12 · CVSS 8.2 · CVE-2024-6678 [HIGH]
## GitLab warns of critical pipeline execution vulnerability
By Bill Toulas
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
The release is for versions 17.3.2, 17.2.5, and 17.1.7 for both GitLab Community Edition (CE) and Enterprise Edition (EE), and patches a total of 18 security issues as part of the bi-monthly (scheduled) security updates.
With a critical severity score of 9.9, the CVE-2024-6678 vulnerability could enable an attacker to execute environment stop actions as the owner of the stop action job.
The severity of the flaw comes from its potential for remote exploitation, lack of user interaction, and the low privileges requ
Wiz
blogs_wiz · 2023-10-05 · CVSS 8.2 · [HIGH]
## Crying Out Cloud - September Newsletter | Wiz
Welcome back! Over the last busy month, we’ve seen many critical vulnerabilities pop up and there have been reports of several impactful security incidents. We’ve sifted through the noise to bring you the real game-changers.
Here are our top picks of cloud security highlights!
## ✨ Highlights
## Misconfigured SAS token leads to data leak
Wiz Research discovered that Microsoft accidentally exposed 38TB of sensitive data through a misconfigured SAS token published in a public GitHub repository in the course of sharing AI data with the community. This data included secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. Read our blogpost for guidance on secure usage of SAS tokens.
Learn more in our blog.
## 🐞 High Profile Vulnerabilities
## Critical vulner
Checkpoint
blogs_checkpoint · 2023-09-25 · CVE-2023-41991
## 25th September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 25th September, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Monti ransomware gang has claimed responsibility for a cyber-attack on New Zealand’s third-largest university, Auckland University of Technology. The threat actors claim to have stolen 60GB of data, giving the victim a deadline of October 9th to pay a ransom.
Check Point Threat Emulation provides protection against
Bleepingcomputer
blogs_bleepingcomputer · 2023-09-19 · CVSS 8.2 · CVE-2023-5009 [HIGH]
## GitLab urges users to install security updates for critical pipeline flaw
By Bill Toulas
GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies.
GitLab is a popular web-based open-source software project management and work tracking platform, offering a free and commercial version.
The flaw was assigned CVE-2023-5009 (CVSS v3.1 score: 9.6) and impacts GitLab Community Edition (CE) and Enterprise Edition (EE) versions 13.12 through 16.2.7 and versions 16.3 through 16.3.4.
The issue was discovered by security researcher and bug hunter Johan Carlsson, which GitLab said is a bypass of a medium-severity problem tracked as CVE-2023-3932 that was fixed in August.
The resea