Security Scan Bypass Vulnerability Affects GitLab EE Versions
CVE-2023-5009
Key Information:
Badges
What is CVE-2023-5009?
A vulnerability has been identified in GitLab EE that allows attackers to execute pipeline jobs as an arbitrary user through scheduled security scan policies. This issue affects multiple versions of GitLab EE, enabling unauthorized actions that exploit a bypass related to previous vulnerabilities. This incident highlights the importance of monitoring security protocols and updating systems promptly to mitigate potential threats.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
GitLab 13.12 < 16.2.7
GitLab 16.3 < 16.3.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Security AffairsCVE-2023-5009GitLab addressed critical vulnerability CVE-2023-5009
GitLab rolled out security patches to address a critical flaw (CVE-2023-5009) that can be exploited to run pipelines as another user.
References
CVSS V3.1
Timeline
- π°
First article discovered by Security Affairs
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved