Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0069
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Gitlab. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions antérieures à 16.6.6
- GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.7.x antérieures à 16.7.4
- GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.8.x antérieures à 16.8.1
L'éditeur a corrigé la vulnérabilité critique CVE-2024-0402 dans la version 16.5.8. Celle-ci ne bénéficie pas des correctifs de sécurité pour les autres vulnérabilités.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eGitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.6.6\u003c/li\u003e \u003cli\u003eGitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.7.x ant\u00e9rieures \u00e0 16.7.4\u003c/li\u003e \u003cli\u003eGitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.8.x ant\u00e9rieures \u00e0 16.8.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur a corrig\u00e9 la vuln\u00e9rabilit\u00e9 critique CVE-2024-0402 dans la version 16.5.8. Celle-ci ne b\u00e9n\u00e9ficie pas des correctifs de s\u00e9curit\u00e9 pour les autres vuln\u00e9rabilit\u00e9s.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-5933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5933"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2024-0402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0402"
},
{
"name": "CVE-2023-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41056"
},
{
"name": "CVE-2023-5612",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5612"
},
{
"name": "CVE-2024-0456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0456"
},
{
"name": "CVE-2023-6159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6159"
}
],
"initial_release_date": "2024-01-26T00:00:00",
"last_revision_date": "2024-01-26T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0069",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Gitlab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Gitlab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Gitlab du 25 janvier 2024",
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
}
]
}
CVE-2024-0456 (GCVE-0-2024-0456)
Vulnerability from cvelistv5
Published
2024-01-26 01:02
Modified
2025-05-29 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Summary
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #430726",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430726"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:52:46.854334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:17:26.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.6.6",
"status": "affected",
"version": "14.0",
"versionType": "semver"
},
{
"lessThan": "16.7.4",
"status": "affected",
"version": "16.7",
"versionType": "semver"
},
{
"lessThan": "16.8.1",
"status": "affected",
"version": "16.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to [Niklas](https://gitlab.com/Taucher2003) for reporting this vulnerability"
}
],
"descriptions": [
{
"lang": "en",
"value": "An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T22:56:39.536Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #430726",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430726"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6 or above"
}
],
"title": "Direct Request (\u0027Forced Browsing\u0027) in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-0456",
"datePublished": "2024-01-26T01:02:43.953Z",
"dateReserved": "2024-01-12T08:02:33.279Z",
"dateUpdated": "2025-05-29T15:17:26.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5933 (GCVE-0-2023-5933)
Vulnerability from cvelistv5
Published
2024-01-26 01:02
Modified
2025-05-22 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #430236",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430236"
},
{
"name": "HackerOne Bug Bounty Report #2225710",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2225710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5933",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T15:00:09.174638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T15:00:22.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.6.6",
"status": "affected",
"version": "13.7",
"versionType": "semver"
},
{
"lessThan": "16.7.4",
"status": "affected",
"version": "16.7",
"versionType": "semver"
},
{
"lessThan": "16.8.1",
"status": "affected",
"version": "16.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T04:09:49.342Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #430236",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430236"
},
{
"name": "HackerOne Bug Bounty Report #2225710",
"tags": [
"technical-description",
"exploit",
"permissions-required",
"broken-link"
],
"url": "https://hackerone.com/reports/2225710"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6 or above."
}
],
"title": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-5933",
"datePublished": "2024-01-26T01:02:58.931Z",
"dateReserved": "2023-11-02T15:01:52.148Z",
"dateUpdated": "2025-05-22T04:09:49.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41056 (GCVE-0-2023-41056)
Vulnerability from cvelistv5
Published
2024-01-10 15:59
Modified
2025-06-17 14:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.15",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.15"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.2.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/7.2.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:41:47.275229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:42:05.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.9, \u003c 7.0.15"
},
{
"status": "affected",
"version": "\u003e= 7.2.0, \u003c 7.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-762",
"description": "CWE-762: Mismatched Memory Management Routines",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-23T16:05:54.365Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.15"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.2.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/7.2.4"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
}
],
"source": {
"advisory": "GHSA-xr47-pcmx-fq2m",
"discovery": "UNKNOWN"
},
"title": "Redis vulnerable to integer overflow in certain payloads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41056",
"datePublished": "2024-01-10T15:59:36.752Z",
"dateReserved": "2023-08-22T16:57:23.934Z",
"dateUpdated": "2025-06-17T14:42:05.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0402 (GCVE-0-2024-0402)
Vulnerability from cvelistv5
Published
2024-01-26 01:02
Modified
2025-06-03 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #437819",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0402",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T18:01:24.319017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T18:01:33.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.5.8",
"status": "affected",
"version": "16.0",
"versionType": "semver"
},
{
"lessThan": "16.6.6",
"status": "affected",
"version": "16.6",
"versionType": "semver"
},
{
"lessThan": "16.7.4",
"status": "affected",
"version": "16.7",
"versionType": "semver"
},
{
"lessThan": "16.8.1",
"status": "affected",
"version": "16.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability has been discovered internally by GitLab team member [joernchen](https://gitlab.com/joernchen)"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:04:54.380Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #437819",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6, 16.5.8 or above."
}
],
"title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-0402",
"datePublished": "2024-01-26T01:02:39.052Z",
"dateReserved": "2024-01-10T16:30:43.698Z",
"dateUpdated": "2025-06-03T18:01:33.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6159 (GCVE-0-2023-6159)
Vulnerability from cvelistv5
Published
2024-01-26 02:02
Modified
2025-06-09 20:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Summary
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #431924",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/431924"
},
{
"name": "HackerOne Bug Bounty Report #2251278",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2251278"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T16:56:36.041200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T20:45:42.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.6.6",
"status": "affected",
"version": "12.7",
"versionType": "semver"
},
{
"lessThan": "16.7.4",
"status": "affected",
"version": "16.7",
"versionType": "semver"
},
{
"lessThan": "16.8.1",
"status": "affected",
"version": "16.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T04:10:09.365Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #431924",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/431924"
},
{
"name": "HackerOne Bug Bounty Report #2251278",
"tags": [
"technical-description",
"exploit",
"permissions-required",
"broken-link"
],
"url": "https://hackerone.com/reports/2251278"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6 or above."
}
],
"title": "Inefficient Regular Expression Complexity in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-6159",
"datePublished": "2024-01-26T02:02:29.909Z",
"dateReserved": "2023-11-15T18:00:57.865Z",
"dateUpdated": "2025-06-09T20:45:42.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5612 (GCVE-0-2023-5612)
Vulnerability from cvelistv5
Published
2024-01-26 02:02
Modified
2025-05-22 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #428441",
"tags": [
"issue-tracking",
"permissions-required",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428441"
},
{
"name": "HackerOne Bug Bounty Report #2208790",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2208790"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:-:*:*:*:-:*:*:*"
],
"defaultStatus": "unknown",
"product": "gitlab",
"vendor": "gitlab",
"versions": [
{
"lessThan": "16.6.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "16.7.4",
"status": "affected",
"version": "16.7",
"versionType": "semver"
},
{
"lessThan": "16.8.1",
"status": "affected",
"version": "16.8",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T18:55:24.572021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T15:14:36.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.6.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "16.7.4",
"status": "affected",
"version": "16.7",
"versionType": "semver"
},
{
"lessThan": "16.8.1",
"status": "affected",
"version": "16.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [erruqill](https://hackerone.com/erruqill) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T04:09:36.364Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"name": "GitLab Issue #428441",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428441"
},
{
"name": "HackerOne Bug Bounty Report #2208790",
"tags": [
"technical-description",
"exploit",
"permissions-required",
"broken-link"
],
"url": "https://hackerone.com/reports/2208790"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6 or above."
}
],
"title": "Missing Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-5612",
"datePublished": "2024-01-26T02:02:39.783Z",
"dateReserved": "2023-10-17T11:30:31.181Z",
"dateUpdated": "2025-05-22T04:09:36.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45322 (GCVE-0-2023-45322)
Vulnerability from cvelistv5
Published
2023-10-06 00:00
Modified
2024-09-19 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344"
},
{
"name": "[oss-security] 20231006 CVE-2023-45322: Use-after-free in libxml2 through 2.11.5",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/06/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:12:15.161434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:12:42.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor\u0027s position is \"I don\u0027t think these issues are critical enough to warrant a CVE ID ... because an attacker typically can\u0027t control when memory allocations fail.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T23:06:15.711947",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344"
},
{
"name": "[oss-security] 20231006 CVE-2023-45322: Use-after-free in libxml2 through 2.11.5",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/06/5"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45322",
"datePublished": "2023-10-06T00:00:00",
"dateReserved": "2023-10-06T00:00:00",
"dateUpdated": "2024-09-19T18:12:42.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…