Security Scan Bypass Vulnerability Affects GitLab EE Versions
CVE-2023-5009

9.6CRITICAL

Key Information:

Vendor
Gitlab
Status
Gitlab
Vendor
CVE Published:
19 September 2023

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐Ÿ“ฐ News Worthy

Summary

A vulnerability has been identified in GitLab EE that allows attackers to execute pipeline jobs as an arbitrary user through scheduled security scan policies. This issue affects multiple versions of GitLab EE, enabling unauthorized actions that exploit a bypass related to previous vulnerabilities. This incident highlights the importance of monitoring security protocols and updating systems promptly to mitigate potential threats.

Affected Version(s)

GitLab 13.12 < 16.2.7

GitLab 16.3 < 16.3.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-5009 - Proof of Concept

News Articles

favicon imageSecurity Affairs

GitLab addressed critical vulnerability CVE-2023-5009

GitLab rolled out security patches to address a critical flaw (CVE-2023-5009) that can be exploited to run pipelines as another user.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/425304
issue-tracking
https://hackerone.com/reports/2147126
technical-descriptionexploitpermissions-required

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ“ฐ

    First article discovered by Security Affairs

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program
.