CVE-2023-6955

Medium

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to…

GitLab·CWE-862·Published 2024-01-12

CVSS

5.3

EPSS

0.01

KEV

Exploits

cve.orgen

288 chars

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

NVDen

288 chars

NVDes

295 chars

Existe una vulnerabilidad de control de acceso inadecuado en GitLab Remote Development que afecta a todas las versiones anteriores a 16.5.6, 16.6 anterior a 16.6.4 y 16.7 anterior a 16.7.2. Esta condición permite a un atacante crear un workspace en un grupo asociado con un agente de otro grupo.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.6	—	—	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N