{"id":"CVE-2023-5356","summary":"Incorrect Authorization in GitLab","details":"Incorrect authorization checks in GitLab CE/EE, affecting all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, and all versions starting from 16.7 before 16.7.2, allow a user to abuse Slack/Mattermost integrations to execute slash commands as another user.","aliases":["BIT-gitlab-2023-5356"],"modified":"2026-04-10T05:06:57.379954Z","published":"2024-01-12T13:56:51.714Z","database_specific":{"cwe_ids":["CWE-863"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5356.json","cna_assigner":"GitLab"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5356.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5356"},{"type":"REPORT","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/427154"},{"type":"REPORT","url":"https://hackerone.com/reports/2188868"},{"type":"PACKAGE","url":"git://git@gitlab.com:gitlab-org/gitlab.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"294482f38388542b43b908dcb427759544a7486f"},{"fixed":"328c57b01842700127bb3d1302f5b5b967fa4442"}],"database_specific":{"versions":[{"introduced":"8.13"},{"fixed":"16.5.6"}]}},{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"94991886af3e3820aa09fa353b29cf8557c93168"},{"fixed":"1873157df5a1e602741dc5fbe790db81888baea4"}],"database_specific":{"versions":[{"introduced":"16.6"},{"fixed":"16.6.4"}]}},{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"9e7d34f7ff11405ece06ec398b66965d153cee6f"},{"fixed":"847f5d82ad6aa1208a61fee603fc0e0ce1786f19"}],"database_specific":{"versions":[{"introduced":"16.7"},{"fixed":"16.7.2"}]}}],"versions":["v16.6.0-ee","v16.7.0-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5356.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"}]}