Incorrect Authorization in GitLab
CVE-2023-5356

7.3HIGH

Key Information:

Vendor
Gitlab
Status
Gitlab
Vendor
CVE Published:
12 January 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoCπŸ“° News Worthy

Summary

The vulnerability arises from incorrect authorization checks within GitLab CE/EE, impacting versions starting from 8.13 up to 16.5.6, from 16.6 up to 16.6.4, and from 16.7 up to 16.7.2. This flaw permits an authenticated user to potentially exploit the integrations with Slack and Mattermost, allowing them to execute slash commands as another user. The security oversight underscores the need for stringent permission controls and thorough testing of integration features to prevent misuse.

Affected Version(s)

GitLab 8.13 < 16.5.6

GitLab 16.6 < 16.6.4

GitLab 16.7 < 16.7.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-5356 - Proof of Concept

News Articles

favicon imageSC Magazine

GitLab vulnerability risks account takeover via simple password reset

No user interaction is required for takeover; GitLab CE and EE users should patch immediately.

1 year ago

References

https://gitlab.com/gitlab-org/gitlab/-/issues/427154
issue-tracking
https://hackerone.com/reports/2188868
technical-descriptionexploitpermissions-required

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by SC Magazine

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)2 News Article(s)

Credit

Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program
.