CVE-2023-5009

🗓️ 19 Sep 2023 07:01:14Reported by GitLabType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 249 Views

Issue in GitLab EE affecting versions 13.12 to 16.2.7 and 16.3 to 16.3.4 allows running pipeline jobs as arbitrary user via scheduled security scan policies

Reporter	Title	Published	Views	Family All 17
Circl	CVE-2023-5009	20 Sep 202309:19	–	circl
CNNVD	GitLab Enterprise Edition Security Vulnerability	19 Sep 202300:00	–	cnnvd
Cvelist	CVE-2023-5009 Incorrect Authorization in GitLab	19 Sep 202307:01	–	cvelist
Debian CVE	CVE-2023-5009	19 Sep 202307:01	–	debiancve
EUVD	EUVD-2023-57355	3 Oct 202520:07	–	euvd
Tenable Nessus	GitLab 13.12 < 16.2.7 / 16.3 < 16.3.4 (CVE-2023-5009)	19 Sep 202300:00	–	nessus
Hive Pro Threat Advisories	GitLab Releases Critical Patch to Address Pipeline Execution Vulnerability	22 Sep 202305:19	–	hivepro
NVD	CVE-2023-5009	19 Sep 202308:16	–	nvd
OSV	BIT-GITLAB-2023-5009 Incorrect Authorization in GitLab	6 Mar 202410:57	–	osv
OSV	CVE-2023-5009 Incorrect Authorization in GitLab	19 Sep 202307:01	–	osv

NVD

Vulners

Node

gitlab gitlabRange13.12–16.2.7enterprise

gitlab gitlabRange16.3–16.3.4enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "13.12",
        "status": "affected",
        "lessThan": "16.2.7",
        "versionType": "semver"
      },
      {
        "version": "16.3",
        "status": "affected",
        "lessThan": "16.3.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]