CVE-2023-1708 — Command Injection in Gitlab

CWE-77 — Command Injection CWE-94 — Code Injection8 documents7 sources

Severity

9.8CRITICALNVD

EPSS

4.5%

top 10.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedApr 5

Description

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDgitlab/gitlab1.0.0 — 15.8.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=1.0, <15.8.5, >=15.10, <15.10.1, >=15.9, <15.9.4+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-phjw-j3fx-vxpj: An issue was identified in GitLab CE/EE affecting all versions from 1↗2023-04-05

▶

OSV

CVE-2023-1708: An issue was identified in GitLab CE/EE affecting all versions from 1↗2023-04-05

▶

📋Vendor Advisories

GitLab

CVE-2023-1708: An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-pr↗2023-04-05

▶

Debian

CVE-2023-1708: gitlab - An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to...↗2023

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser↗2023-03-30

▶

Talos

Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser↗2023-03-30

▶