CVE-2023-4700 - OpenCVE

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.5.0::::enterprise:::

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/421937
https://hackerone.com/reports/2129826

History

Thu, 19 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:gitlab:gitlab::::::::

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-11-06T17:30:35.198Z

Updated: 2024-09-18T04:07:10.189Z

Reserved: 2023-09-01T06:01:16.407Z

Link: CVE-2023-4700

Vulnrichment

Updated: 2024-08-02T07:37:59.401Z

NVD

Status : Analyzed

Published: 2023-11-06T18:15:08.730

Modified: 2023-11-14T20:00:25.203

Link: CVE-2023-4700

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4700", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-09-01T06:01:16.407Z", "datePublished": "2023-11-06T17:30:35.198Z", "dateUpdated": "2024-09-18T04:07:10.189Z"}, "containers": {"cna": {"title": "Improper Access Control in GitLab", "descriptions": [{"lang": "en", "value": "An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "14.7", "status": "affected", "lessThan": "16.3.6", "versionType": "semver"}, {"version": "16.4.0", "status": "affected", "lessThan": "16.4.2", "versionType": "semver"}, {"version": "16.5.0", "status": "affected", "lessThan": "16.5.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284: Improper Access Control", "cweId": "CWE-284", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421937", "name": "GitLab Issue #421937", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2129826", "name": "HackerOne Bug Bounty Report #2129826", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.3.6, 16.4.2, 16.5.1 or above."}], "credits": [{"lang": "en", "value": "Thanks [Gregor Pirolt](https://hackerone.com/gregodfather) for reporting this vulnerability through our HackerOne bug bounty program.", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-09-18T04:07:10.189Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-24T14:01:29.263850Z", "id": "CVE-2023-4700", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T14:01:41.133Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:37:59.401Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421937", "name": "GitLab Issue #421937", "tags": ["issue-tracking", "permissions-required", "x_transferred"]}, {"url": "https://hackerone.com/reports/2129826", "name": "HackerOne Bug Bounty Report #2129826", "tags": ["technical-description", "exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421937", "name": "GitLab Issue #421937", "tags": ["issue-tracking", "permissions-required", "x_transferred"]}, {"url": "https://hackerone.com/reports/2129826", "name": "HackerOne Bug Bounty Report #2129826", "tags": ["technical-description", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:37:59.401Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4700", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-24T14:01:29.263850Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T14:01:36.501Z"}}], "cna": {"title": "Improper Access Control in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [Gregor Pirolt](https://hackerone.com/gregodfather) for reporting this vulnerability through our HackerOne bug bounty program."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "14.7", "lessThan": "16.3.6", "versionType": "semver"}, {"status": "affected", "version": "16.4.0", "lessThan": "16.4.2", "versionType": "semver"}, {"status": "affected", "version": "16.5.0", "lessThan": "16.5.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.3.6, 16.4.2, 16.5.1 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421937", "name": "GitLab Issue #421937", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2129826", "name": "HackerOne Bug Bounty Report #2129826", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-09-18T04:07:10.189Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4700", "state": "PUBLISHED", "dateUpdated": "2024-09-18T04:07:10.189Z", "dateReserved": "2023-09-01T06:01:16.407Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-11-06T17:30:35.198Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "33EC121E-A987-4A2C-9E09-C875620BA4B5", "versionEndExcluding": "16.3.6", "versionStartIncluding": "14.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F67E4E44-65EA-494F-B1FA-D080F53329AD", "versionEndExcluding": "16.4.2", "versionStartIncluding": "16.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A7286C51-077E-4093-9AF9-66CEE22915AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals."}, {"lang": "es", "value": "Un problema de autorizaci\u00f3n que afectaba a GitLab EE y afectaba a todas las versiones desde 14.7 anterior a 16.3.6, 16.4 anterior a 16.4.2 y 16.5 anterior a 16.5.1, permit\u00eda a un usuario ejecutar trabajos en entornos protegidos, sin pasar por las aprobaciones requeridas."}], "id": "CVE-2023-4700", "lastModified": "2023-11-14T20:00:25.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-11-06T18:15:08.730", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421937"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2129826"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "cve@gitlab.com", "type": "Secondary"}]}