An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/406764 | Broken Link |
https://hackerone.com/reports/1908423 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jun 2023, 01:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/406764 - Broken Link | |
References | (MISC) https://hackerone.com/reports/1908423 - Permissions Required, Third Party Advisory | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
First Time |
Gitlab
Gitlab gitlab |
07 Jun 2023, 17:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 17:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-2001
Mitre link : CVE-2023-2001
CVE.ORG link : CVE-2023-2001
JSON object : View
Products Affected
gitlab
- gitlab
CWE