← Zuruck zu CVEs
CVE-2023-0756
MEDIUM4.8
Beschreibung
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems.
CVE Details
CVSS v3.1 Bewertung4.8
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht5/3/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
gitlab:gitlab
Referenzen
https://gitlab.com/gitlab-org/gitlab/-/issues/390910(cve@gitlab.com)
https://hackerone.com/reports/1864278(cve@gitlab.com)
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/390910(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1864278(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.