CVE-2023-5207

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-5207

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5207.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-5207

Aliases

BIT-gitlab-2023-5207

Downstream

UBUNTU-CVE-2023-5207

Published

2023-09-30T09:15:14Z

Modified

2024-11-21T08:41:18Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

280a09dbca836a6eedf5da1e63953fe8da44bf4c

Fixed

7fc27fe692abccaed7e2e0ebfea2aadf5140593f