CVE-2023-2478


An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.


Published

2023-05-08T21:15:10.997

Last Modified

2025-01-29T18:15:44.907

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

Weaknesses
  • Type: Primary
    CWE-732
  • Type: Secondary
    CWE-732

Affected Vendors & Products
Type         Vendor  Product  Version/Range  Vulnerable?
Application  gitlab  gitlab   < 15.9.7       Yes
Application  gitlab  gitlab   < 15.9.7       Yes
Application  gitlab  gitlab   < 15.10.6      Yes
Application  gitlab  gitlab   < 15.10.6      Yes
Application  gitlab  gitlab   < 15.11.2      Yes
Application  gitlab  gitlab   < 15.11.2      Yes
