CVE-2023-5207

2023-10-0316:54:49

redhat.com

access.redhat.com

gitlab

vulnerability

pipeline execution

authenticated attacker

version 16.0

version 16.2.8

version 16.3

version 16.3.5

version 16.4

version 16.4.1

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.019 Low

EPSS

Percentile

88.5%

JSON

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.