CVE-2023-6955 MEDIUM

CVE-2023-6955: Missing Authorization in GitLab

Vendor: GitLab
Product: GitLab
Weakness: CWE-862 · Missing authorization
Published: January 12, 2024
Last update: June 15, 2026

CVSS base score

6.6/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

What the vulnerability does

01 Description

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

Key dates

02 Disclosure timeline

January 12, 2024: CVE published
June 15, 2026: Record updated

Related vulnerabilities

04 Related CVE