Lucene search

[email protected]NVD:CVE-2023-31485

HistoryApr 29, 2023 - 12:15 a.m.

CVE-2023-31485

2023-04-2900:15:09

CWE-295

[email protected]

web.nvd.nist.gov

gitlab

api

tls

certificate

verification

vulnerability

machine-in-the-middle

attacks

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.6%

JSON

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.

Affected configurations

NVD

Node

gitlab\\Matchapi\\v4_projectgitlab\\api\\

References

www.openwall.com/lists/oss-security/2023/04/29/1

www.openwall.com/lists/oss-security/2023/05/03/3

www.openwall.com/lists/oss-security/2023/05/03/5

www.openwall.com/lists/oss-security/2023/05/07/2

blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/

github.com/bluefeet/GitLab-API-v4/pull/57

github.com/chansen/p5-http-tiny/pull/151

www.openwall.com/lists/oss-security/2023/04/18/14

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.6%

JSON

Related for NVD:CVE-2023-31485

veracode1 debiancve1 ubuntucve1 osv1 prion1 cvelist1 cve1