← Back

CVE-2023-7045

nvd nist
Published: May 23, 2024Modified: Dec 16, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).

Affected (6)

Products: Gitlab: Gitlab
Gitlab
1 product
Gitlab
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
From 13.11.0 to 16.10.6
Gitlab
From 16.11.0 to 16.11.3
Gitlab
From 13.11.0 to 16.10.6
Gitlab
From 16.11.0 to 16.11.3
Gitlab
Version 17.0.0
Gitlab
Version 17.0.0

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: cve@gitlab.com
ExploitIssue Tracking
Source: cve@gitlab.com
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required

Timeline

No history available yet.