Improper access control vulnerability in GitLab EE - CVE-2023-5009 (rpm)ID: oval:org.secpod.oval:def:93289 | Date: (C)2023-09-22 (M)2023-11-06 |
Class: VULNERABILITY | Family: unix |
The host is installed with GitLab EE 13.12 before 16.2.7, or 16.3 before 16.3.4 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle the Direct transfers and Security policies features. Successful exploitation could allow attackers to run pipelines as an arbitrary user via scheduled security scan policies.