CVE-2023-4700
LOWGitLab 14.7-16.3.5, 16.4-16.4.1, 16.5 - Missing Authorization for Protected Environment Job Execution
Title source: llmDescription
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.
References (2)
Core 2
Core References
Broken Link issue-tracking
permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/421937
Permissions Required technical-description
exploit
permissions-required
https://hackerone.com/reports/2129826
Scores
CVSS v3
3.5
EPSS
0.0001
EPSS Percentile
0.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
gitlab/gitlab
16.5.0
gitlab/gitlab
14.7.0 - 16.3.6
Published
Nov 06, 2023
Tracked Since
Feb 18, 2026