An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/425521 | Broken Link |
https://hackerone.com/reports/2125189 | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2023-12-15T16:03:05.257Z
Updated: 2023-12-15T16:03:05.257Z
Reserved: 2023-09-19T07:30:36.245Z
Link: CVE-2023-5061
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-15T16:15:45.930
Modified: 2023-12-19T22:55:31.227
Link: CVE-2023-5061
JSON object: View
Redhat Information
No data.
CWE