CVE-2023-5356: Incorrect Authorization in GitLab

First published: Fri Jan 12 2024(Updated: )

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.

Credit: cve@gitlab.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/remedy
• agent/weakness
• agent/title
• agent/author
• agent/type
• agent/first-publish-date
• agent/news-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• agent/description
• collector/nvd-api
• source/NVD
• agent/severity
• agent/softwarecombine
• collector/the-register
• source/The Register
• alias/CVE-2023-7028
• agent/references
• agent/tags
• agent/event
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/trending
• vendor/gitlab
• canonical/gitlab community edition
• version/gitlab community edition/16.7.2
• version/gitlab community edition/16.5.6
• version/gitlab community edition/16.6.4
• version/gitlab community edition/16.1.6
• version/gitlab community edition/16.2.9
• version/gitlab community edition/16.3.7
• canonical/gitlab enterprise edition
• version/gitlab enterprise edition/16.7.2
• version/gitlab enterprise edition/16.5.6
• version/gitlab enterprise edition/16.6.4
• version/gitlab enterprise edition/16.1.6
• version/gitlab enterprise edition/16.2.9
• version/gitlab enterprise edition/16.3.7