CVSS 3.1 Score 4.3 of 10 (medium)


Published Sep 29, 2023
Updated: Oct 3, 2023
CWE ID 284


CVE-2023-5198 is a vulnerability discovered in GitLab that affects all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. The vulnerability allows a removed project member to write to protected branches using deploy keys. The base severity of this vulnerability is rated as MEDIUM with a base score of 4.3 according to the CVSS:3.1 scoring system, indicating a potential risk to organizations. The exploitability score is 2.8, and the privileges required are LOW with no user interaction required for exploitation. This vulnerability has a low attack complexity and impact on integrity and confidentiality of the affected systems is also low, but it poses a threat in terms of unauthorized access and potential malicious activities on protected branches within GitLab instances.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5198 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options