CVE-2023-5198: CWE-863: Incorrect Authorization in GitLab GitLab
An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.
AI Analysis
Technical Summary
CVE-2023-5198 is a medium-severity vulnerability identified in GitLab, a widely used web-based DevOps lifecycle tool that provides source code repository management, CI/CD pipelines, and more. The vulnerability is classified under CWE-863, which pertains to incorrect authorization. Specifically, this flaw allows a removed project member to retain write access to protected branches via deploy keys. Deploy keys are SSH keys that grant access to repositories, typically used for automation or integration purposes. The issue affects all GitLab versions prior to 16.2.7, versions from 16.3 up to but not including 16.3.5, and versions from 16.4 up to but not including 16.4.1. The vulnerability arises because the authorization logic does not properly revoke deploy key permissions when a project member is removed, enabling unauthorized code changes to protected branches. The CVSS v3.1 base score is 4.3, indicating a medium severity level, with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This means the vulnerability can be exploited remotely over the network with low attack complexity, requires low privileges (a removed member), no user interaction, and impacts integrity but not confidentiality or availability. No known exploits are reported in the wild yet. The flaw could allow malicious actors who were previously project members to inject unauthorized code into critical branches, potentially undermining the integrity of the software development lifecycle and introducing backdoors or vulnerabilities into production code.
Potential Impact
For European organizations relying on GitLab for software development and deployment, this vulnerability poses a risk to the integrity of their codebases. Unauthorized write access to protected branches can lead to the introduction of malicious code, which may propagate through CI/CD pipelines into production environments. This can result in compromised applications, data breaches, or service disruptions. The impact is particularly significant for organizations in regulated sectors such as finance, healthcare, and critical infrastructure, where software integrity is paramount. Additionally, organizations with large or dynamic teams that frequently add and remove members are at higher risk, as the flaw specifically involves permissions not being revoked upon member removal. The vulnerability could also affect open-source projects hosted on self-managed GitLab instances in Europe, potentially impacting a wide range of downstream users and organizations.
Mitigation Recommendations
European organizations should immediately verify their GitLab version and upgrade to the patched versions: 16.2.7 or later for versions prior to 16.3, 16.3.5 or later for the 16.3 series, and 16.4.1 or later for the 16.4 series. In addition to patching, organizations should audit deploy key usage and permissions, ensuring that deploy keys associated with removed members are revoked or rotated. Implement strict access management policies that include automated revocation of all credentials and keys upon member removal. Employ monitoring and alerting on changes to protected branches, enabling rapid detection of unauthorized commits. Consider implementing branch protection rules that require multiple approvals or use signed commits to increase the difficulty of unauthorized changes. For organizations using GitLab SaaS, verify that the service provider has applied the necessary patches. Finally, conduct a thorough review of recent commits to protected branches for suspicious activity that may have exploited this vulnerability prior to patching.
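The deploy-key audit recommended above, written out as an added example (not GitLab's own code): given a project's deploy keys and its current membership, it lists write-enabled keys whose registering user is no longer a member with push rights, and shows the membership condition an authorization check must apply. `can_push` is the real GitLab deploy-key attribute; the `owner` field and the Developer-or-higher threshold are assumptions, and the sample data is constructed.

```python
"""Flag deploy keys that can still push although their owner left the project."""
from dataclasses import dataclass
from typing import Dict, List

DEVELOPER = 30  # GitLab access level from which push rights start (assumed threshold)


@dataclass(frozen=True)
class DeployKey:
    key_id: int
    title: str
    can_push: bool   # real attribute of GitLab's deploy-key API objects
    owner: str       # assumed: username of the user who registered the key


@dataclass(frozen=True)
class Member:
    username: str
    access_level: int


def can_write_protected(key: DeployKey, levels: Dict[str, int]) -> bool:
    """Authorization decision for a push to a protected branch via a deploy key.
    Both conditions are required: the key is write-enabled AND its owner currently
    holds Developer or higher in the project. The flaw described in CVE-2023-5198
    amounts to the second condition not being enforced after member removal."""
    if not key.can_push:
        return False
    return levels.get(key.owner, 0) >= DEVELOPER


def stale_write_keys(keys: List[DeployKey], members: List[Member]) -> List[DeployKey]:
    """Keys an auditor should revoke or rotate: write-enabled, but the owner is no
    longer a member at all or has been downgraded below Developer."""
    levels = {m.username: m.access_level for m in members}
    return [k for k in keys if k.can_push and not can_write_protected(k, levels)]


# Constructed sample: carol was removed from the project, dave was downgraded to Guest (10)
SAMPLE_KEYS = [
    DeployKey(1, "ci-runner", True, "alice"),
    DeployKey(2, "mirror-readonly", False, "bob"),
    DeployKey(3, "release-bot", True, "carol"),
    DeployKey(4, "docs-sync", True, "dave"),
]
SAMPLE_MEMBERS = [Member("alice", 40), Member("bob", 30), Member("dave", 10)]

if __name__ == "__main__":
    for k in stale_write_keys(SAMPLE_KEYS, SAMPLE_MEMBERS):
        print(f"revoke or rotate deploy key {k.key_id} ({k.title}), owner {k.owner!r}")
```

In practice the two input lists would be assembled from the project's deploy-key and membership listings; a read-only key (key 2) is never flagged because it cannot push regardless of ownership.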
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitLab
- Date Reserved: 2023-09-26T10:01:49.676Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682ea68a0acd01a249253fa8
Added to database: 5/22/2025, 4:22:34 AM
Last enriched: 7/7/2025, 11:55:45 AM
Last updated: 7/30/2025, 11:40:38 AM