cve/2023/CVE-2023-3932.md

### [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=13.12%3C%2016.0.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%3A%20Missing%20Authorization&color=brighgreen)

### Description

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.

### POC

#### Reference
- https://gitlab.com/gitlab-org/gitlab/-/issues/417594

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932)`
			`![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=13.12%3C%2016.0.8%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%3A%20Missing%20Authorization&color=brighgreen)`

			`### Description`

			`An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.`

			`### POC`

			`#### Reference`
			`- https://gitlab.com/gitlab-org/gitlab/-/issues/417594`

			`#### Github`
			`No PoCs found on GitHub currently.`