CVE-2023-5356 — Incorrect Authorization in Gitlab

CWE-863 — Incorrect Authorization6 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 79.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJan 12

Description

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5gitlab/gitlab8.13 — 16.5.6+2

▶NVDgitlab/gitlab8.13.0 — 16.5.6+3

▶debiandebian/gitlab< gitlab 16.6.5-3 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-x7v8-7cpc-hv73: Incorrect authorization checks in GitLab CE/EE from all versions starting from 8↗2024-01-12

▶

OSV

CVE-2023-5356: Incorrect authorization checks in GitLab CE/EE from all versions starting from 8↗2024-01-12

▶

📋Vendor Advisories

GitLab

CVE-2023-5356: Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all↗2024-01-12

▶

Debian

CVE-2023-5356: gitlab - Incorrect authorization checks in GitLab CE/EE from all versions starting from 8...↗2023

▶

🕵️Threat Intelligence

Bleepingcomputer

GitLab warns of critical zero-click account hijacking vulnerability↗2024-01-12

▶