CVE-2023-5009

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 19, 2023

Updated: Oct 20, 2023

CWE ID 284

Summary

CVE-2023-5009 is a newly discovered vulnerability in GitLab Enterprise Edition (EE), affecting versions 13.12 to 16.2.6 and 16.3 to 16.3.3. An attacker could exploit this issue by running pipeline jobs as an arbitrary user through scheduled security scan policies. This bypasses the mitigation provided by CVE-2023-3932, adding to the potential impact of the vulnerability. GitLab urges users to upgrade to the patched versions to protect against this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GitLab

Affected Vendors

GitLab Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sssx9b
https://www.cve.org/CVERecord?id=CVE-2023-5009
https://nvd.nist.gov/vuln/detail/CVE-2023-5009

Back to Vulnerability Database