An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.
Metrics
Affected Vendors & Products
References
History
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-285 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Improper Authorization in GitLab | Missing Authorization in GitLab |
Weaknesses | CWE-862 |
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-12-15T16:03:05.257Z
Updated: 2024-10-03T06:23:15.671Z
Reserved: 2023-09-19T07:30:36.245Z
Link: CVE-2023-5061
Vulnrichment
Updated: 2024-08-02T07:44:53.785Z
NVD
Status : Modified
Published: 2023-12-15T16:15:45.930
Modified: 2024-11-21T08:40:59.863
Link: CVE-2023-5061
Redhat
No data.