CVE-2023-5356 - OpenCVE

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.7.0::::community:::
	cpe:2.3:a:gitlab:gitlab:16.7.0::::enterprise:::
	cpe:2.3:a:gitlab:gitlab:16.7.1::::community:::
	cpe:2.3:a:gitlab:gitlab:16.7.1::::enterprise:::

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/427154
https://hackerone.com/reports/2188868

History

Thu, 19 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:gitlab:gitlab::::::::

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-01-12T13:56:51.714Z

Updated: 2024-09-18T04:07:55.189Z

Reserved: 2023-10-03T12:30:32.774Z

Link: CVE-2023-5356

Vulnrichment

Updated: 2024-08-02T07:59:43.251Z

NVD

Status : Analyzed

Published: 2024-01-12T14:15:48.707

Modified: 2024-01-18T21:17:29.540

Link: CVE-2023-5356

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5356", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-10-03T12:30:32.774Z", "datePublished": "2024-01-12T13:56:51.714Z", "dateUpdated": "2024-09-18T04:07:55.189Z"}, "containers": {"cna": {"title": "Incorrect Authorization in GitLab", "descriptions": [{"lang": "en", "value": "Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "8.13", "status": "affected", "lessThan": "16.5.6", "versionType": "semver"}, {"version": "16.6", "status": "affected", "lessThan": "16.6.4", "versionType": "semver"}, {"version": "16.7", "status": "affected", "lessThan": "16.7.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-863: Incorrect Authorization", "cweId": "CWE-863", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427154", "name": "GitLab Issue #427154", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2188868", "name": "HackerOne Bug Bounty Report #2188868", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.7.2, 16.6.4, 16.5.6 or above."}], "credits": [{"lang": "en", "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-09-18T04:07:55.189Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:43.251Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427154", "name": "GitLab Issue #427154", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2188868", "name": "HackerOne Bug Bounty Report #2188868", "tags": ["technical-description", "exploit", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-23T21:57:40.489112Z", "id": "CVE-2023-5356", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T15:44:55.465Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427154", "name": "GitLab Issue #427154", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2188868", "name": "HackerOne Bug Bounty Report #2188868", "tags": ["technical-description", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:43.251Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5356", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-23T21:57:40.489112Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T15:44:46.500Z"}}], "cna": {"title": "Incorrect Authorization in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "8.13", "lessThan": "16.5.6", "versionType": "semver"}, {"status": "affected", "version": "16.6", "lessThan": "16.6.4", "versionType": "semver"}, {"status": "affected", "version": "16.7", "lessThan": "16.7.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.7.2, 16.6.4, 16.5.6 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427154", "name": "GitLab Issue #427154", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2188868", "name": "HackerOne Bug Bounty Report #2188868", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-09-18T04:07:55.189Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5356", "state": "PUBLISHED", "dateUpdated": "2024-09-18T04:07:55.189Z", "dateReserved": "2023-10-03T12:30:32.774Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-01-12T13:56:51.714Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "A0266465-DBD2-4133-90B2-8DAE8D5C8588", "versionEndExcluding": "16.5.6", "versionStartIncluding": "8.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "75FBB40A-5B80-4CCC-81A1-B134B9529A23", "versionEndExcluding": "16.5.6", "versionStartIncluding": "8.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "7198B7E4-9928-4B7D-9D00-6B76CCAC3875", "versionEndExcluding": "16.6.4", "versionStartIncluding": "16.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D294EA47-B2EF-42D6-A92B-93CEA5D209B7", "versionEndExcluding": "16.6.4", "versionStartIncluding": "16.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*", "matchCriteriaId": "150F88EA-DA27-4042-9778-932904C2FD41", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "29C6355F-1CD3-4E4A-AACA-19B497A631D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*", "matchCriteriaId": "D385A20C-BC93-4BB9-A47D-50C89D4DFA95", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77D86BC4-D4DD-4848-B0FD-0C16A3D2DF89", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user."}, {"lang": "es", "value": "Verificaciones de autorizaci\u00f3n incorrectas en GitLab CE/EE desde todas las versiones desde 8.13 anteriores a 16.5.6, todas las versiones desde 16.6 anteriores a 16.6.4, todas las versiones desde 16.7 anteriores a 16.7.2, permiten que un usuario abuse de las integraciones de slack/mattermost para ejecutar slash commands como otro usuario."}], "id": "CVE-2023-5356", "lastModified": "2024-01-18T21:17:29.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.8, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2024-01-12T14:15:48.707", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427154"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2188868"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "cve@gitlab.com", "type": "Secondary"}]}