VDB
CVE-2023-5356
CVE-2023-5356
PUBLISHED
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.
EPSS 0.07% · 20.7th percentile
Risk Scores
EPSS Score
0.07%
20.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 8.13.0, 16.6.0, 16.7.0 |
| Bitnami | gitlab | 16.6.0, 16.7.0, 8.13.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-5356 (circl-sighting)
- CIRCL seen: CVE-2023-5356 (circl-sighting)
- CIRCL seen: CVE-2023-5356 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-5356 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-5356 (circl-sighting)
- CIRCL seen: CVE-2023-5356 (circl-sighting)
- CIRCL seen: CVE-2023-5356 (circl-sighting)
- CIRCL seen: CVE-2023-5356 (circl-sighting)
- CIRCL seen: CVE-2023-5356 (circl-sighting)
- CIRCL seen: CVE-2023-5356 (circl-sighting)
…and 5 more exploits
Timeline
- Jan 21, 1970 Security Advisory
- Jan 11, 2024 CVE Published
- Jan 12, 2024 PoC Published
- Jan 12, 2024 PoC Published
- Jan 12, 2024 PoC Published
- Jan 12, 2024 PoC Published
- Jan 13, 2024 PoC Published
- Jan 14, 2024 PoC Published
- Jan 15, 2024 PoC Published
- Jan 15, 2024 PoC Published
- Jan 17, 2024 EPSS Score
- Jan 18, 2024 PoC Published