CVE-2023-2478 - OpenCVE

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json
https://gitlab.com/gitlab-org/gitlab/-/issues/409470
https://hackerone.com/reports/1969599

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-05-08T00:00:00

Updated: 2024-08-02T06:26:08.974Z

Reserved: 2023-05-02T00:00:00

Link: CVE-2023-2478

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-08T21:15:10.997

Modified: 2023-05-15T17:04:56.630

Link: CVE-2023-2478

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-2478", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "dateUpdated": "2024-08-02T06:26:08.974Z", "dateReserved": "2023-05-02T00:00:00", "datePublished": "2023-05-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-05-08T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "versions": [{"version": ">=15.4, <15.9.7", "status": "affected"}, {"version": ">=15.10, <15.10.6", "status": "affected"}, {"version": ">=15.11, <15.11.2", "status": "affected"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409470"}, {"url": "https://hackerone.com/reports/1969599"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json"}], "credits": [{"lang": "en", "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Incorrect permission assignment for critical resource in GitLab"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:26:08.974Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409470", "tags": ["x_transferred"]}, {"url": "https://hackerone.com/reports/1969599", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "F31A1A1D-8935-4F28-B2D6-7BC226014DDF", "versionEndExcluding": "15.9.7", "versionStartIncluding": "15.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "946B8298-406C-4426-B9D5-3C3259073DDE", "versionEndExcluding": "15.9.7", "versionStartIncluding": "15.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "769E332B-9DBA-4751-B0F8-9F6484E3E49B", "versionEndExcluding": "15.10.6", "versionStartIncluding": "15.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6EDA3CE4-6830-44A0-9F6B-9DC550F62AD1", "versionEndExcluding": "15.10.6", "versionStartIncluding": "15.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "7432A843-DCCD-46CA-8339-1D5F108DB796", "versionEndExcluding": "15.11.2", "versionStartIncluding": "15.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "756390DB-9929-4EC6-9273-854E3654968B", "versionEndExcluding": "15.11.2", "versionStartIncluding": "15.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project."}], "id": "CVE-2023-2478", "lastModified": "2023-05-15T17:04:56.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-05-08T21:15:10.997", "references": [{"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409470"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/1969599"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}