CVE-2023-6955

Description

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

CVSS Version 3.1

nvd
CVE ID: CVE-2023-6955
Base Score: 5.3
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Impact Score: 1.4
Exploitability Score: 3.9

gitlab
CVE ID: CVE-2023-6955
Base Score: 6.6
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
Impact Score: 4.7
Exploitability Score: 1.3

Refrence: NVD MITRE

Description​

Description