CVE-2023-5106

HIGH 8.2

Incorrect Authorization in GitLab

CVSS Score

8.2

EPSS Score

0.0%

EPSS Percentile

12th

An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.

CWE	CWE-863
Vendor	gitlab
Product	gitlab
Ecosystems	DevTools
Industries	Technology
Published	Oct 2, 2023
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for gitlab gitlab

Be the first to know when new high vulnerabilities affecting gitlab gitlab are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

GitLab / GitLab

13.12 < 16.2.8 16.3.0 < 16.3.5 16.4.0 < 16.4.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

gitlab.com: https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3 gitlab.com: https://gitlab.com/gitlab-org/security/gitlab/-/issues/980

Credits

This vulnerability has been discovered internally by GitLab team member Joern Schneeweisz