CVE-2023-2022

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 2, 2023

Updated: Aug 5, 2023

CWE ID 88

CWE ID 284

Summary

CVE-2023-2022 is a vulnerability affecting GitLab CE/EE versions prior to 16.0.8, 16.1.3, and 16.2.2. This issue grants developers the ability to create pipeline schedules on protected branches despite not having the required merge access. This can potentially lead to unauthorized pipeline executions and further security risks. It is crucial for GitLab users to update their systems to the patched versions to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sXZcO3
https://www.cve.org/CVERecord?id=CVE-2023-2022
https://nvd.nist.gov/vuln/detail/CVE-2023-2022

Back to Vulnerability Database

CVE-2023-2022

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations