Bug 2241504 (CVE-2023-5207) - CVE-2023-5207 gitlab: Improper Authorization for Pipeline Execution
Summary: CVE-2023-5207 gitlab: Improper Authorization for Pipeline Execution
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-5207
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2241503
Reported: 2023-09-30 15:27 UTC by Patrick Del Bello
Modified: 2023-10-17 22:21 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-10-09 05:45:04 UTC
Embargoed:



Description Patrick Del Bello 2023-09-30 15:27:43 UTC
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.

https://hackerone.com/reports/2174141
https://gitlab.com/gitlab-org/gitlab/-/issues/425604
https://gitlab.com/gitlab-org/gitlab/-/issues/425857

