A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
History

Tue, 08 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-668

Thu, 03 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863

Thu, 03 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
Description An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
Title Improper Access Control in GitLab Missing Authorization in GitLab
Weaknesses CWE-862

Fri, 30 Aug 2024 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Fri, 30 Aug 2024 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863

Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
Description An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-01-12T13:56:31.881Z

Updated: 2024-10-15T22:56:39.309Z

Reserved: 2023-12-19T17:02:08.767Z

Link: CVE-2023-6955

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-12T14:15:49.233

Modified: 2024-11-21T08:44:54.833

Link: CVE-2023-6955

cve-icon Redhat

No data.