An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.
Metrics
Affected Vendors & Products
References
History
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-09-19T07:01:14.930Z
Updated: 2024-09-18T04:07:30.201Z
Reserved: 2023-09-15T22:30:36.931Z
Link: CVE-2023-5009
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-19T08:16:07.203
Modified: 2023-10-20T20:21:07.923
Link: CVE-2023-5009
Redhat
No data.