CVE Vulnerabilities

CVE-2023-0756

Published: May 03, 2023 | Modified: May 09, 2023
CVSS 3.x
8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab * 15.9.6 (excluding)
Gitlab Gitlab 15.10 (including) 15.10.5 (excluding)
Gitlab Gitlab 15.11 (including) 15.11.1 (excluding)
Gitlab Ubuntu esm-apps/xenial *
Gitlab Ubuntu trusty *
Gitlab Ubuntu xenial *

References