CVE-2023-0155

Published: May 3, 2023Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Before 15.8.5
Gitlab Gitlab	From 15.10 to 15.10.1
Gitlab Gitlab	From 15.9 to 15.9.5
Gitlab Gitlab	Before 15.8.5
Gitlab Gitlab	From 15.10 to 15.10.1
Gitlab Gitlab	From 15.9 to 15.9.5

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json

Source: cve@gitlab.com

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/387638

Source: cve@gitlab.com

ExploitThird Party Advisory

https://hackerone.com/reports/1817250

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/387638

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://hackerone.com/reports/1817250

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.