CVE-2023-5207

HIGH

GitLab CE/EE <16.2.8-16.4.1 - Authenticated RCE

Title source: llm

Description

A vulnerability was discovered in GitLab CE and EE affecting all versions from 16.0 prior to 16.2.8, from 16.3 prior to 16.3.5, and from 16.4 prior to 16.4.1. An authenticated attacker could execute arbitrary pipelines in the context of another user.

Scores

CVSS v3 8.2
EPSS 0.0033
EPSS Percentile 55.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Classification

CWE
CWE-250
Status published

Affected Products (4)

gitlab/gitlab < 16.2.8
gitlab/gitlab < 16.2.8
gitlab/gitlab
gitlab/gitlab

Timeline

Published Sep 30, 2023
Tracked Since Feb 18, 2026