Vulnerability Database

317,577

Total vulnerabilities in the database

CVE-2023-5061

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.

Published: Dec 15, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-5061
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
gitlab / gitlab	16.6.0	16.6.2
gitlab / gitlab	16.5.0	16.5.4
gitlab / gitlab	9.3.0	16.4.4

https://gitlab.com/gitlab-org/gitlab/-/issues/425521
https://hackerone.com/reports/2125189

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo