Incorrect authorization checks in GitLab CE/EE, in all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, and all versions starting from 16.7 before 16.7.2, allow a user to abuse Slack/Mattermost integrations to execute slash commands as another user.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/427154 | Broken Link |
https://hackerone.com/reports/2188868 | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2024-01-12T13:56:51.714Z
Updated: 2024-01-16T07:34:04.666Z
Reserved: 2023-10-03T12:30:32.774Z
Link: CVE-2023-5356
NVD Information
Status: Analyzed
Published: 2024-01-12T14:15:48.707
Modified: 2024-01-18T21:17:29.540
Link: CVE-2023-5356
Redhat Information
No data.
CWE