VYPR
Unrated severityNVD Advisory· Published Jan 12, 2024· Updated May 1, 2026

Missing Authorization in GitLab

CVE-2023-6955

Description

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 0
    • (no CPE)range: <16.5.6, >=16.6 <16.6.4, >=16.7 <16.7.2
  • osv-coords
    Range: < 16.5.6

Patches

Vulnerability mechanics

References

1

News mentions

1