{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-5207","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2023-09-26T18:01:22.360Z","datePublished":"2023-09-30T08:30:30.788Z","dateUpdated":"2025-11-20T04:10:28.256Z"},"containers":{"cna":{"title":"Execution with Unnecessary Privileges in GitLab","descriptions":[{"lang":"en","value":"A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user."}],"affected":[{"vendor":"GitLab","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"versions":[{"version":"16.4","status":"affected","lessThan":"16.4.1","versionType":"semver"},{"version":"16.3","status":"affected","lessThan":"16.3.5","versionType":"semver"},{"version":"16.0.0","status":"affected","lessThan":"16.2.8","versionType":"semver"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-250: Execution with Unnecessary Privileges","cweId":"CWE-250","type":"CWE"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/425604","name":"GitLab Issue #425604","tags":["issue-tracking"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/425857","name":"GitLab Issue #425857","tags":["issue-tracking","permissions-required"]},{"url":"https://hackerone.com/reports/2174141","name":"HackerOne Bug Bounty Report #2174141","tags":["technical-description","exploit","permissions-required"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH"}}],"solutions":[{"lang":"en","value":"Upgrade to versions 16.4.1, 16.3.5, 16.2.8 or above."}],"credits":[{"lang":"en","value":"Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program","type":"finder"}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2025-11-20T04:10:28.256Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-24T18:29:24.441970Z","id":"CVE-2023-5207","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-17T15:48:48.009Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:52:07.762Z"},"title":"CVE Program Container","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/425604","name":"GitLab Issue #425604","tags":["issue-tracking","x_transferred"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/425857","name":"GitLab Issue #425857","tags":["issue-tracking","permissions-required","x_transferred"]},{"url":"https://hackerone.com/reports/2174141","name":"HackerOne Bug Bounty Report #2174141","tags":["technical-description","exploit","x_transferred"]}]}]}}