
Cloud Vulnerability DB
A community-led vulnerabilities database
An issue was discovered in GitLab Enterprise Edition (EE) affecting versions from 16.2 before 16.4.3, versions from 16.5 before 16.5.3, and versions from 16.6 before 16.6.1, identified as CVE-2023-5995. The vulnerability allowed attackers to abuse the policy bot functionality to gain unauthorized access to internal projects (GitLab Security Release, NVD).
The vulnerability stems from an implementation flaw where policy bots were created as regular users instead of external users, thus granting them access to internal projects. The issue has a CVSS v3.1 base score of 7.5 (HIGH) according to NVD's assessment, while GitLab Inc. rated it as 4.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N (NVD).
The vulnerability allowed external users to gain unauthorized access to internal projects through the abuse of policy bots. An attacker holding an external user account could clone internal projects by acting through a policy bot, which also provided access to a limited set of API endpoints. To exploit this vulnerability, an attacker needed to be an owner of a project, or, if the bot already existed in the project, only maintainer access was required (GitLab Issue).
The vulnerability has been patched in GitLab versions 16.4.3, 16.5.3, and 16.6.1. The fix involved modifying the policy bot creation process to ensure bots are created as external users, preventing them from accessing internal projects. Users are strongly recommended to upgrade to the patched versions (GitLab Security Release).
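As an added illustration of the two checks a defender would want from this advisory (whether an instance falls inside the affected version ranges, and whether any bot accounts exist without the external flag the fix relies on), the script below is example code written for this page, not GitLab's own code. It assumes user records shaped like the GitLab Users API responses an administrator sees, with boolean `bot` and `external` fields; the user list embedded here is constructed sample data.

```python
"""Audit helpers for CVE-2023-5995: affected-version check and a scan for
bot accounts that are not marked external (example code, not GitLab's)."""
import json
import re
from typing import Iterable, List, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory, expressed as [first affected, first fixed).
AFFECTED_RANGES: Tuple[Tuple[Version, Version], ...] = (
    ((16, 2, 0), (16, 4, 3)),
    ((16, 5, 0), (16, 5, 3)),
    ((16, 6, 0), (16, 6, 1)),
)


def parse_version(version: str) -> Version:
    """Turn strings such as '16.5.2-ee' or '16.5' into a comparable tuple."""
    match = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version: str) -> bool:
    """True when the version lies inside one of the advisory's affected ranges."""
    parsed = parse_version(version)
    return any(start <= parsed < fixed for start, fixed in AFFECTED_RANGES)


def find_non_external_bots(users: Iterable[dict]) -> List[str]:
    """Return usernames of bot accounts that lack the external flag.

    A patched instance creates policy bots as external users; a bot without
    that flag on an upgraded instance is worth a manual look. Field names
    `bot` and `external` are assumed to match the admin view of the Users API.
    """
    return sorted(
        user["username"]
        for user in users
        if user.get("bot") and not user.get("external", False)
    )


# Constructed sample data standing in for an administrator's user listing.
SAMPLE_USERS = json.loads(
    """
    [
      {"id": 1, "username": "alice",              "bot": false, "external": false},
      {"id": 2, "username": "policy-bot-group-a", "bot": true,  "external": false},
      {"id": 3, "username": "policy-bot-group-b", "bot": true,  "external": true},
      {"id": 4, "username": "contractor",         "bot": false, "external": true}
    ]
    """
)


def main() -> None:
    for candidate in ("16.1.9", "16.3.0", "16.4.3", "16.5.2-ee", "16.6.1"):
        status = "AFFECTED" if is_affected(candidate) else "not affected"
        print(f"{candidate:>10}: {status}")
    print("bot accounts without external flag:", find_non_external_bots(SAMPLE_USERS))


if __name__ == "__main__":
    main()
```

Against a live instance the user list would come from the administrator-only Users API; the version check alone is not sufficient evidence, because bots created before the upgrade keep whatever flags they were created with, which is why the second scan exists.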
Source: This report was generated using AI