9 matches found
CVE-2023-5009
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
GitLab Releases Critical Patch to Address Pipeline Execution Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The critical security vulnerability CVE-2023-5009 affects all versions of GitLab Enterprise Edition EE. This vulnerability is significant as it enables an attacker to execute pipelines as another...
CVE-2023-5009
creationtimestamp| type| source ---|---|--- 2023-09-20 09:19:47+00:00| seen| https://t.me/thehackernews/3896 2023-09-20 10:49:32+00:00| seen| https://t.me/KomunitiSiber/816 2023-09-20 11:28:44+00:00| seen| https://t.me/ctinow/138119 2023-09-20 12:57:35+00:00| seen|...
GitLab Releases Urgent Security Patches for Critical Vulnerability
GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 CVSS score: 9.6, impacts all versions of GitLab Enterprise Edition EE starting from 13.12 and prior to 16.2.7 as well as from 16.3 and befor...
CVE-2023-5009
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
CVE-2023-5009 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
CVE-2023-5009 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
CVE-2023-5009
CVE-2023-5009 affects GitLab EE versions 13.12–before 16.2.7 and 16.3–before 16.3.4. An attacker could run pipeline jobs as an arbitrary user via scheduled security scan policies, bypassing CVE-2023-3932 and adding impact. The issue is described as a bypass of CVE-2023-3932 with additional impact...
CVE-2023-5009
Removed by vendor...