CVE-2023-1178
MEDIUM severity · CVSS 5.7 · Code injection
5.7CVSS MEDIUM
Summary
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredLow
User interactionRequired
Confidentiality impactNone
Integrity impactHigh
Availability impactNone
Exploit probability (EPSS)9%
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.jsonAdvisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/381815
- https://hackerone.com/reports/1778009Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.jsonAdvisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/381815
- https://hackerone.com/reports/1778009Advisory