Home > Vulnerability Database > CVE-2023-6955

Mend.io Vulnerability Database

CVE-2023-6955

Good to know:

Date: January 12, 2024

An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

Language: Ruby

Severity Score

5.3

Related Resources (3)

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/432188

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6955

Url: https://www.mend.io/vulnerability-database/CVE-2023-6955

Severity Score

5.3

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v16.5.6,v16.6.4,v16.7.2

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6955

Good to know:

Date: January 12, 2024

Language: Ruby

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?