CVE-2023-6955

Published: Jan 12, 2024Modified: May 5, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

Affected (8)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Before 16.5.6
Gitlab Gitlab	From 16.6.0 to 16.6.4
Gitlab Gitlab	Before 16.5.6
Gitlab Gitlab	From 16.6.0 to 16.6.4
Gitlab Gitlab	Version 16.7.0
Gitlab Gitlab	Version 16.7.0
Gitlab Gitlab	Version 16.7.1
Gitlab Gitlab	Version 16.7.1

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/432188

Source: cve@gitlab.com

Issue TrackingVendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/432188

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.