This vulnerability has been officially identified as CVE-2023-4998 and carries a CVSS severity score of 9.6 (critical). It affects GitLab Community Edition (CE) and Enterprise Edition (EE) in all versions from 13.12 prior to 16.2.7, and from 16.3 prior to 16.3.4; 16.2.7 and 16.3.4 are the patched releases, so an instance reporting one of those versions or later is not affected.
According to a report by BleepingComputer, threat actors could exploit this vulnerability to impersonate users without their knowledge or consent, potentially gaining unauthorized access to sensitive information, running code, altering data, or triggering actions within GitLab under the impersonated user's privileges. Given GitLab's central role as a source code management platform, the publication notes that such access could lead to dire consequences, including intellectual property theft, data breaches, and software supply chain attacks.