vulnerability

Gitlab: CVE-2023-5356: Slack/Mattermost integrations can be abused to execute slash commands as another user

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jan 11, 2024	Jan 12, 2024	Jan 22, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jan 11, 2024

Added

Jan 12, 2024

Modified

Jan 22, 2024

Description

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse Slack/Mattermost integrations to execute slash commands as another user

Solution

gitlab-upgrade-latest

References

CVE-2023-5356
https://attackerkb.com/topics/CVE-2023-5356
URL-https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today