CVE-2023-5106
Incorrect Authorization in GitLab
CVSS 3.1 base score: 7.5 (HIGH)
EPSS: 0.05%
Description
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.
How to fix CVE-2023-5106
To remediate CVE-2023-5106, upgrade GitLab EE to the fixed release for your release branch:
- 16.2.x: upgrade to 16.2.8 or later
- 16.3.x: upgrade to 16.3.5 or later
- 16.4.x: upgrade to 16.4.1 or later
Is CVE-2023-5106 being exploited?
Low: EPSS is 0.05%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- GitLab EE (Ultimate-licensed): >= 13.12.0, < 16.2.8
- GitLab EE (Ultimate-licensed): >= 16.3.0, < 16.3.5
- GitLab EE (Ultimate-licensed): >= 16.4.0, < 16.4.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |