Lucene search

PRIOn knowledge basePRION:CVE-2023-3932

HistoryAug 03, 2023 - 5:15 a.m.

Design/Logic Flaw

2023-08-0305:15:00

PRIOn knowledge base

www.prio-n.com

gitlab ee

version 13.12 - 16.2.2

pipeline jobs

security scan policies

design flaw

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.

CPENameOperatorVersion
gitlabge16.2.0
gitlablt16.2.2
gitlabge13.12.0
gitlablt16.0.8
gitlabge16.1.0
gitlablt16.1.3

Name	Operator	Version
gitlab	ge	16.2.0
gitlab	lt	16.2.2
gitlab	ge	13.12.0
gitlab	lt	16.0.8
gitlab	ge	16.1.0
gitlab	lt	16.1.3

References

gitlab.com/gitlab-org/gitlab/-/issues/417594

hackerone.com/reports/2057633