CVE-2023-5106

HIGH

GitLab EE <16.2.8-16.4.1 - Privilege Escalation

Title source: llm

Description

An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.

References (2)

Core 2

Core References

Patch

https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3

View Patch ZIP pw:eip

Issue Tracking permissions-required

https://gitlab.com/gitlab-org/security/gitlab/-/issues/980

Scores

CVSS v3 8.2

EPSS 0.0005

EPSS Percentile 14.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Products (5)

gitlab/gitlab 16.4.0

gitlab/gitlab 13.12 - 16.2.8

GitLab/GitLab 13.12 - 16.2.8

GitLab/GitLab 16.3.0 - 16.3.5

GitLab/GitLab 16.4.0 - 16.4.1

Published Oct 02, 2023

Tracked Since Feb 18, 2026