An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/406844 | Broken Link |
https://hackerone.com/reports/1940441 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jun 2023, 01:33
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/406844 - Broken Link | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json - Vendor Advisory | |
References | (MISC) https://hackerone.com/reports/1940441 - Permissions Required, Third Party Advisory | |
First Time |
Gitlab
Gitlab gitlab |
07 Jun 2023, 17:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 17:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-2013
Mitre link : CVE-2023-2013
CVE.ORG link : CVE-2023-2013
JSON object : View
Products Affected
gitlab
- gitlab
CWE