CVE-2023-6955
Published: 2024-01-12
Priority: P4 · 28 · medium · 5.3 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.55% (42.0th percentile)
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 16.6.5-3 (sid) | gitlab 16.6.5-3 (sid) |
| gitlab | gitlab | < 16.5.6 | 16.5.6 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 16.6 < 16.6.4 | 16.6.4 |
| gitlab | gitlab | >= 16.6.0 < 16.6.4 | 16.6.4 |
| gitlab | gitlab | >= 16.7 < 16.7.2 | 16.7.2 |
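CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| osv | — | 5.3 | MEDIUM | — |
| vendor_debian | — | 6.6 | MEDIUM | — |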
VulDB
GitLab Remote Development up to 16.5.5/16.6.3/16.7.1 access control (Issue 43218 / EUVD-2023-59151)
vuldb·2026-06-21·CVSS 5.3
CVE-2023-6955 [MEDIUM]
A vulnerability classified as critical was found in GitLab Remote Development up to 16.5.5/16.6.3/16.7.1. Affected by this issue is some unknown functionality. The manipulation results in improper access controls.
This vulnerability is cataloged as CVE-2023-6955. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.
OSV
CVE-2023-6955: A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16
osv·2024-01-12·CVSS 5.3
CVE-2023-6955 [MEDIUM]
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
GHSA
GHSA-2w7q-mj4w-9cm2: An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16
ghsa_unreviewed·2024-01-12
CVE-2023-6955 [MEDIUM] CWE-284
An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
GitLab
CVE-2023-6955: A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7
vendor_gitlab·2024-01-12·CVSS 6.6
CVE-2023-6955 [MEDIUM] CWE-862
CVE-2023-6955: A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
Debian
CVE-2023-6955: gitlab - A missing authorization check vulnerability exists in GitLab Remote Development ...
vendor_debian·2023·CVSS 6.6
CVE-2023-6955 [MEDIUM]
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
Scope: local
sid: resolved (fixed in 16.6.5-3)
No detection rules found.
No public exploits indexed.
Published: 2024-01-12