Lucene search

Ubuntu.comUB:CVE-2023-5207

HistorySep 30, 2023 - 12:00 a.m.

CVE-2023-5207

2023-09-3000:00:00

ubuntu.com

cve-2023-5207

gitlab

authentication

pipeline execution

unix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.019 Low

EPSS

Percentile

88.5%

JSON

A vulnerability was discovered in GitLab CE and EE affecting all versions
starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to
16.4.1. An authenticated attacker could perform arbitrary pipeline
execution under the context of another user.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

gitlab.com/gitlab-org/gitlab/-/issues/425604

gitlab.com/gitlab-org/gitlab/-/issues/425857

hackerone.com/reports/2174141

launchpad.net/bugs/cve/CVE-2023-5207

nvd.nist.gov/vuln/detail/CVE-2023-5207

security-tracker.debian.org/tracker/CVE-2023-5207

www.cve.org/CVERecord?id=CVE-2023-5207

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for UB:CVE-2023-5207