An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions from 13.12 before 16.2.8, from 16.3.0 before 16.3.5, and from 16.4.0 before 16.4.1. It could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.
History
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-10-02T11:49:56.333Z
Updated: 2024-08-30T15:13:45.888Z
Reserved: 2023-09-21T10:30:28.355Z
Link: CVE-2023-5106
Vulnrichment
Updated: 2024-08-02T07:44:53.795Z
NVD
Status: Analyzed
Published: 2023-10-02T12:15:09.997
Modified: 2023-10-04T12:25:09.517
Link: CVE-2023-5106
Redhat
No data.