CVE-2023-4700

low-risk

Published 2023-11-06

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.5/10 Low

NETWORK / HIGH complexity

Affected Products (2)

Gitlab

Affected Vendors

Gitlab

References (4)

Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/421937

Permissions Required https://hackerone.com/reports/2129826

Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/421937

Permissions Required https://hackerone.com/reports/2129826

/ 100

low-risk

Severity 12/34 · Low

Exploitability 0/34 · Minimal

Exposure 7/34 · Low