Home

Description

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

PUBLISHED Reserved 2023-12-19 | Published 2024-01-12 | Updated 2026-06-14 | Assigner GitLab




MEDIUM: 6.6CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

Any version before 16.5.6
affected

16.6 (semver) before 16.6.4
affected

16.7 (semver) before 16.7.2
affected

Credits

This vulnerability has been discovered internally by GitLab team member Jerry Seto finder

References

gitlab.com/gitlab-org/gitlab/-/issues/432188 (GitLab Issue #432188) issue-tracking

gitlab.com/gitlab-org/gitlab/-/issues/432188 (GitLab Issue #432188) issue-tracking

cve.org (CVE-2023-6955)

nvd.nist.gov (CVE-2023-6955)

Download JSON