An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-08-03T04:01:58.186Z
Updated: 2024-09-18T13:14:46.779Z
Reserved: 2023-07-25T11:01:19.577Z
Link: CVE-2023-3932
Vulnrichment
Updated: 2024-08-02T07:08:50.781Z
NVD
Status : Analyzed
Published: 2023-08-03T05:15:10.723
Modified: 2023-10-20T20:04:39.057
Link: CVE-2023-3932
Redhat