CVE-2023-6477 - OpenCVE

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.9.0::::enterprise:::

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/433463	Permissions Required
https://hackerone.com/reports/2270898	Permissions Required

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitLab

Published: 2024-02-21T23:31:09.811Z

Updated: 2024-02-22T04:04:35.685Z

Reserved: 2023-12-04T06:30:28.970Z

Link: CVE-2023-6477

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-22T00:15:51.533

Modified: 2024-03-04T20:25:04.490

Link: CVE-2023-6477

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6477", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-12-04T06:30:28.970Z", "datePublished": "2024-02-21T23:31:09.811Z", "dateUpdated": "2024-02-22T04:04:35.685Z"}, "containers": {"cna": {"title": "Improper Privilege Management in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "versions": [{"version": "16.5", "status": "affected", "lessThan": "16.7.6", "versionType": "semver"}, {"version": "16.8", "status": "affected", "lessThan": "16.8.3", "versionType": "semver"}, {"version": "16.9", "status": "affected", "lessThan": "16.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269: Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433463", "name": "GitLab Issue #433463", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2270898", "name": "HackerOne Bug Bounty Report #2270898", "tags": ["technical-description", "exploit"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.9.1, 16.8.3, 16.7.6 or above."}], "credits": [{"lang": "en", "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-02-22T04:04:35.685Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B2558C81-DADC-475C-A06B-DB9048CE85FC", "versionEndExcluding": "16.7.6", "versionStartIncluding": "16.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "BF18D8E8-7406-46F4-BDDD-CC743A5C4D80", "versionEndIncluding": "16.8.3", "versionStartIncluding": "16.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "1E374890-90FC-4DC5-8C0B-87CC99B4A4D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 16.5 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Cuando a un usuario se le asigna una funci\u00f3n personalizada con permiso admin_group_member, es posible que pueda convertir un grupo, otros miembros o ellos mismos en propietarios de ese grupo, lo que puede llevar a una escalada de privilegios."}], "id": "CVE-2023-6477", "lastModified": "2024-03-04T20:25:04.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.5, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2024-02-22T00:15:51.533", "references": [{"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433463"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2270898"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "cve@gitlab.com", "type": "Secondary"}]}