Lucene search

GoogleOSV:BIT-GITLAB-2023-1708

HistoryMar 06, 2024 - 11:10 a.m.

BIT-gitlab-2023-1708

2024-03-0611:10:48

Google

osv.dev

gitlab

vulnerability

non-printable characters

unexpected commands

software

security issue

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.

CPENameOperatorVersion
gitlablt15.8.5
gitlabge1.0.0
gitlable15.10.0
gitlablt15.9.4
gitlabge15.10.0
gitlabge15.9.0

Name	Operator	Version
gitlab	lt	15.8.5
gitlab	ge	1.0.0
gitlab	le	15.10.0
gitlab	lt	15.9.4
gitlab	ge	15.10.0
gitlab	ge	15.9.0

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json

gitlab.com/gitlab-org/gitlab/-/issues/387185

hackerone.com/reports/1805604

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for OSV:BIT-GITLAB-2023-1708