Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:28 a.m.13 views

CVE-2023-5009

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

9.8CVSS7.1AI score0.08263EPSS
Exploits1References1
hivepro
hivepro
added 2023/09/22 5:19 a.m.48 views

GitLab Releases Critical Patch to Address Pipeline Execution Vulnerability

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The critical security vulnerability CVE-2023-5009 affects all versions of GitLab Enterprise Edition EE. This vulnerability is significant as it enables an attacker to execute pipelines as another...

7.5CVSS7AI score0.08263EPSS
Exploits1
Circl
Circl
added 2023/09/20 9:19 a.m.6 views

CVE-2023-5009

creationtimestamp| type| source ---|---|--- 2023-09-20 09:19:47+00:00| seen| https://t.me/thehackernews/3896 2023-09-20 10:49:32+00:00| seen| https://t.me/KomunitiSiber/816 2023-09-20 11:28:44+00:00| seen| https://t.me/ctinow/138119 2023-09-20 12:57:35+00:00| seen|...

9.8CVSS7.5AI score0.08263EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2023/09/20 7:18 a.m.151 views

GitLab Releases Urgent Security Patches for Critical Vulnerability

GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 CVSS score: 9.6, impacts all versions of GitLab Enterprise Edition EE starting from 13.12 and prior to 16.2.7 as well as from 16.3 and befor...

10CVSS8.8AI score0.99731EPSS
Exploits31
NVD
NVD
added 2023/09/19 8:16 a.m.39 views

CVE-2023-5009

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

9.8CVSS7.1AI score0.08263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/19 7:1 a.m.10 views

CVE-2023-5009 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

8.2CVSS9.7AI score0.08263EPSS
Exploits0References2
OSV
OSV
added 2023/09/19 7:1 a.m.29 views

CVE-2023-5009 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

8.2CVSS8.1AI score0.08263EPSS
Exploits0References5
CVE
CVE
added 2023/09/19 7:1 a.m.268 views

CVE-2023-5009

CVE-2023-5009 affects GitLab EE versions 13.12–before 16.2.7 and 16.3–before 16.3.4. An attacker could run pipeline jobs as an arbitrary user via scheduled security scan policies, bypassing CVE-2023-3932 and adding impact. The issue is described as a bypass of CVE-2023-3932 with additional impact...

9.8CVSS7.3AI score0.08263EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2023/09/19 7:1 a.m.32 views

CVE-2023-5009

Removed by vendor...

9.8CVSS7.5AI score0.08263EPSS
Exploits0
Rows per page
Query Builder