CVE-2023-3401

An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:17

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 4.8
References () https://gitlab.com/gitlab-org/gitlab/-/issues/416252 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/416252 - Broken Link
References () https://hackerone.com/reports/2031845 - Permissions Required () https://hackerone.com/reports/2031845 - Permissions Required

04 Aug 2023, 20:03

Type Values Removed Values Added
References (MISC) https://hackerone.com/reports/2031845 - (MISC) https://hackerone.com/reports/2031845 - Permissions Required
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/416252 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/416252 - Broken Link
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
First Time Gitlab
Gitlab gitlab

02 Aug 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-02 09:15

Updated : 2024-11-21 08:17


NVD link : CVE-2023-3401

Mitre link : CVE-2023-3401

CVE.ORG link : CVE-2023-3401


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')