Home > Vulnerability Database > CVE-2023-6955

Mend.io Vulnerability Database

CVE-2023-6955

Date: January 12, 2024

An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

Language: Ruby

Severity Score

6.6

Related Resources (3)

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/432188

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6955

Url: https://www.mend.io/vulnerability-database/CVE-2023-6955

Severity Score

6.6

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Improper Access Control

CWE-284

Missing Authorization

CWE-862

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	6.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6955

Date: January 12, 2024

Language: Ruby

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?