cvelist/2023/5xxx/CVE-2023-5106.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-5106",
        "ASSIGNER": "cve@gitlab.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-284: Improper Access Control",
                        "cweId": "CWE-284"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "GitLab",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "GitLab",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "13.12",
                                            "version_value": "16.2.8"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "16.3.0",
                                            "version_value": "16.3.5"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "16.4.0",
                                            "version_value": "16.4.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3",
                "refsource": "MISC",
                "name": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3"
            }
        ]
    },
    "solution": [
        {
            "lang": "en",
            "value": "Upgrade to version 16.2.8, 16.3.5, 16.4.1. If it is not viable to immediately upgrade to a patched version, risk of exploitation can be mitigated by ensuring the [Migrate groups by direct transfer](https://docs.gitlab.com/ee/user/group/import/index.html#migrate-groups-by-direct-transfer-recommended) feature is disabled until GitLab has been upgraded."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "This vulnerability has been discovered internally by GitLab team member Joern Schneeweisz"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "attackVector": "NETWORK",
                "attackComplexity": "HIGH",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "scope": "CHANGED",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH"
            }
        ]
    }
}
"-Synchronized-Data." 2023-09-21 11:00:31 +00:00			`{`
"-Synchronized-Data." 2023-10-02 12:00:36 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-09-21 11:00:31 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-5106",`
"-Synchronized-Data." 2023-10-02 12:00:36 +00:00			`"ASSIGNER": "cve@gitlab.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-09-21 11:00:31 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-10-02 12:00:36 +00:00			`"value": "An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-284: Improper Access Control",`
			`"cweId": "CWE-284"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "GitLab",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "GitLab",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "13.12",`
			`"version_value": "16.2.8"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "16.3.0",`
			`"version_value": "16.3.5"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "16.4.0",`
			`"version_value": "16.4.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3",`
			`"refsource": "MISC",`
			`"name": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"value": "Upgrade to version 16.2.8, 16.3.5, 16.4.1. If it is not viable to immediately upgrade to a patched version, risk of exploitation can be mitigated by ensuring the [Migrate groups by direct transfer](https://docs.gitlab.com/ee/user/group/import/index.html#migrate-groups-by-direct-transfer-recommended) feature is disabled until GitLab has been upgraded."`
			`}`
			`],`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "This vulnerability has been discovered internally by GitLab team member Joern Schneeweisz"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 8.2,`
			`"baseSeverity": "HIGH"`
"-Synchronized-Data." 2023-09-21 11:00:31 +00:00			`}`
			`]`
			`}`
			`}`