8

CVE-2023-0756

EPSS 0.19%
Veröffentlicht 03.05.2023 22:15:16
Zuletzt bearbeitet 21.11.2024 07:37:45
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab Version < 15.9.6

Gitlab ≫ Gitlab Version >= 15.10 < 15.10.5

Gitlab ≫ Gitlab Version >= 15.11 < 15.11.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.415

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8	2.1	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
cve@gitlab.com	4.8	1.2	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/390910

Broken Link

https://hackerone.com/reports/1864278

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-0756

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0756

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0756

EUVD