CVE-2023-1178
Published May 3, 2023
Last updated 2 years ago
Overview
- Description
- An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.7
- Impact score
- 3.6
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-94
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C649F4ED-B614-4133-853F-12DE8FD60E37",
"versionEndExcluding": "15.9.6",
"versionStartIncluding": "8.6.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C77C875-FEA0-43C4-B7B7-9EA1C6473C69",
"versionEndExcluding": "15.9.6",
"versionStartIncluding": "8.6.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "128CE092-2826-422E-BE7A-D2DDE15FAFC3",
"versionEndExcluding": "15.10.5",
"versionStartIncluding": "15.10"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A0D75F4-8D11-4C69-B761-3312B5CDFCE2",
"versionEndExcluding": "15.10.5",
"versionStartIncluding": "15.10"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8959805-2A8C-48BE-A0C2-8A1B1049826B",
"versionEndExcluding": "15.11.1",
"versionStartIncluding": "15.11"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7B0DA1F-87DA-411A-8C20-3BF410B6EDB8",
"versionEndExcluding": "15.11.1",
"versionStartIncluding": "15.11"
}
],
"operator": "OR"
}
]
}
]