BIT-gitlab-2023-6955

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/gitlab/BIT-gitlab-2023-6955.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-gitlab-2023-6955
Aliases
Published
2024-03-06T10:53:55.060Z
Modified
2024-11-27T19:40:48.342Z
Summary
[none]
Details

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

Database specific
{
    "cpes": [
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / gitlab

Package

Name
gitlab
Purl
pkg:bitnami/gitlab

Severity

  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.5.6
Introduced
16.6.0
Fixed
16.6.4
Introduced
16.7.0
Fixed
16.7.2