CVE-2023-5106

HIGH

GitLab EE <16.2.8-16.4.1 - Privilege Escalation

Title source: llm

Description

An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.

References (2)

[Patch] https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3

View Patch ZIP pw:eip

[Issue Tracking] https://gitlab.com/gitlab-org/security/gitlab/-/issues/980

Scores

CVSS v3 8.2

EPSS 0.0004

EPSS Percentile 12.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Classification

CWE

CWE-863

Status published

Affected Products (2)

gitlab/gitlab < 16.2.8

gitlab/gitlab

Timeline

Published Oct 02, 2023

Tracked Since Feb 18, 2026