CVE-2023-0155 — Open Redirect in Gitlab

CWE-601 — Open Redirect5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 65.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedMay 3

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:LExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶NVDgitlab/gitlab15.9 — 15.9.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=15.7, <15.8.5, >=15.8, <15.9.4, >=15.9, <15.10.1+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2023-0155: An issue has been discovered in GitLab CE/EE affecting all versions before 15↗2023-05-03

▶

GHSA

GHSA-qch9-vmv9-f8v6: An issue has been discovered in GitLab CE/EE affecting all versions before 15↗2023-05-03

▶

📋Vendor Advisories

GitLab

CVE-2023-0155: An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitra↗2023-05-03

▶

Debian

CVE-2023-0155: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions before 15.8....↗2023

▶