An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/394770 | Issue Tracking Vendor Advisory |
https://hackerone.com/reports/1887323 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
08 Oct 2024, 19:07
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/394770 - Issue Tracking, Vendor Advisory |
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-601 |
03 Oct 2023, 19:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab
Gitlab gitlab |
|
References | (MISC) https://hackerone.com/reports/1887323 - Permissions Required | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/394770 - Broken Link | |
CWE | CWE-74 | |
CPE | cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
29 Sep 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-29 08:15
Updated : 2024-10-08 19:07
NVD link : CVE-2023-3922
Mitre link : CVE-2023-3922
CVE.ORG link : CVE-2023-3922
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')