An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0508.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/389328 | Broken Link |
https://hackerone.com/reports/1842314 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jun 2023, 01:10
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab
Gitlab gitlab |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
CWE | NVD-CWE-Other | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/389328 - Broken Link | |
References | (MISC) https://hackerone.com/reports/1842314 - Permissions Required, Third Party Advisory | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0508.json - Vendor Advisory |
07 Jun 2023, 17:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 17:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-0508
Mitre link : CVE-2023-0508
CVE.ORG link : CVE-2023-0508
JSON object : View
Products Affected
gitlab
- gitlab
CWE