CVE-2023-5356NVD

Vulnerability Summary

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.

Severity Level

HIGH(7.3)

Published Date

Jan 12, 2024

Last Modified

Apr 28, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.07%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredHigh

User InteractionRequired

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityNone

External References

https://gitlab.com/gitlab-org/gitlab/-/issues/427154
https://hackerone.com/reports/2188868

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2023-5356NVD

Vulnerability Summary

External References