Unrated severityNVD Advisory· Published Jan 12, 2024· Updated May 1, 2026
Missing Authorization in GitLab
CVE-2023-6955
Description
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 0
- (no CPE)range: <16.5.6, >=16.6 <16.6.4, >=16.7 <16.7.2
Patches
Vulnerability mechanics
References
1- gitlab.com/gitlab-org/gitlab/-/issues/432188mitreissue-trackingpermissions-required
News mentions
1- GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6GitLab Security Releases · Jan 11, 2024