Unrated severityNVD Advisory· Published Dec 15, 2023· Updated May 2, 2026
Missing Authorization in GitLab
CVE-2023-5061
Description
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 9.3
- (no CPE)range: >=9.3, <16.4.4 || >=16.5, <16.5.4 || >=16.6, <16.6.2
Patches
Vulnerability mechanics
References
2- hackerone.com/reports/2125189mitretechnical-descriptionexploitpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/425521mitreissue-trackingpermissions-required
News mentions
1- GitLab Security Release: 16.6.2, 16.5.4, 16.4.4GitLab Security Releases · Dec 13, 2023