Lucene search

Veracode Vulnerability DatabaseVERACODE:42179

HistoryAug 06, 2023 - 6:57 a.m.

Authorization Bypass

2023-08-0606:57:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

vulnerability

authorization

bypass

software

overwriting

control

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

40.2%

JSON

gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs when GitLab pulls a tag or a release containing a ref to another commit. If the commit is valid, GitLab could be tricked into overwriting the original commit with the malicious commit which could allow the attacker to gain control of the GitLab repository.

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json

gitlab.com/gitlab-org/gitlab/-/issues/381815

hackerone.com/reports/1778009

security-tracker.debian.org/tracker/CVE-2023-1178

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for VERACODE:42179