CVE-2023-1708
Published: 2023-04-05
Priority: P3 (50) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.11% (61.8th percentile)
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from the clipboard, allowing unexpected commands to be executed on the victim's machine.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < 15.10.8+ds1-2 (sid) | 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | >= 1.0.0 < 15.8.5 | 15.8.5 |
| gitlab | gitlab | >= 15.9.0 < 15.9.4 | 15.9.4 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | 9.8 | CRITICAL | — |
| vendor_debian | 5.7 | MEDIUM | — |
Sources
- GHSA: GHSA-phjw-j3fx-vxpj (ghsa_unreviewed, 2023-04-05; CRITICAL, CWE-77). Same description as above.
- OSV: CVE-2023-1708 (osv, 2023-04-05; CRITICAL, CVSS 9.8). Same description as above.
- GitLab: CVE-2023-1708 (vendor_gitlab, 2023-04-05; MEDIUM, CVSS 5.7, CWE-77). Same description as above.
- Debian: CVE-2023-1708, package gitlab (vendor_debian, 2023; MEDIUM, CVSS 5.7). Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
No detection rules found.
No public exploits indexed.
Checkpoint: 26th February – Threat Intelligence Report (blogs_checkpoint, 2024-02-26; this entry is indexed under CVE-2024-1708)
## 26th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 26th February, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The American Prince George’s County Public Schools (PGCPS) has experienced a ransomware attack that compromised the personal data of nearly 100K individuals. The attack exposed individuals’ full names, financial account information, and Social Security Numbers. The Rhysida ransomware gang is reportedly responsible for t
Talos: Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser (blogs_talos, 2023-03-30; CVE-2023-24473, MEDIUM, CVSS 5.9)
Lilith >_> of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered three vulnerabilities in the OpenImageIO image-parsing library that many popular pieces of 3-D rendering software use.
OpenImageIO is a library that converts, compares and processes various image files. Blender and AliceVision, two often used computer imaging services, utilize the library, among other software offerings.
Two of the vulnerabilities — TALOS-2023-1707 (CVE-2023-24473) and TALOS-2023-1708 (CVE-2023-22845) — could lead to the disclosure of sensitive information. An adversary could exploit these vulnerabilities by sending the target a specially crafted, malicious Targa (.tga) file.
TALOS-2023-1709 (CVE-2023-24472) is a denial-of-service vulnerability that is a continuation of TALOS-20
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/387185
- https://hackerone.com/reports/1805604