CVE-2023-2013 — UI Misrepresentation / Clickjacking in Gitlab
CWE tags: CWE-1021 (UI Misrepresentation / Clickjacking), CWE-284 (Improper Access Control), CWE-918 (Server-Side Request Forgery), CWE-476 (NULL Pointer Dereference), CWE-94 (Code Injection), CWE-190 (Integer Overflow or Wraparound), CWE-601 (Open Redirect), CWE-79 (Cross-site Scripting), CWE-502 (Deserialization of Untrusted Data)
Severity
NVD: 4.3 (Medium)
CISA: 8.8
EPSS: 0.2% (top 55.28%)
CISA KEV: not listed
Exploit: no known exploits
Timeline
Published: Jun 7
Latest update: May 2
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
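The page does not say which discrepancy between the web display and the git command line was abused, so the following is not the CVE's mechanism. It is an added example, not code from GitLab or from this page, showing a generic pre-clone audit of a URL for the features that most often make a person read it differently from the way git will use it: bidi and zero-width code points, non-ASCII characters, userinfo placed before the real host, an unexpected host, and percent-encoded path segments. The hostnames in the usage lines are made up for the example.

```python
import unicodedata
from urllib.parse import urlsplit, unquote

# Invisible or direction-changing code points: they alter how a URL renders on a
# page or in a terminal but are handed to git unchanged.
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
ZERO_WIDTH = frozenset("\u200b\u200c\u200d\u2060\ufeff")


def split_clone_url(url):
    """Return (scheme, userinfo, host, path) for a URL or scp-like git syntax."""
    if "://" in url:
        parts = urlsplit(url)
        userinfo = parts.netloc.rsplit("@", 1)[0] if "@" in parts.netloc else ""
        return parts.scheme, userinfo, parts.hostname or "", parts.path
    # scp-like form [user@]host:path: the first ':' separates host and path
    hostpart, _, path = url.partition(":")
    userinfo, _, host = hostpart.rpartition("@")
    return "ssh", userinfo, host, path


def audit_clone_url(url, expected_host):
    """List reasons a human might read url differently from the way git will use it."""
    findings = []
    for ch in url:
        if ch in BIDI_CONTROLS:
            findings.append("bidi control U+%04X" % ord(ch))
        elif ch in ZERO_WIDTH:
            findings.append("zero-width U+%04X" % ord(ch))
        elif ord(ch) > 0x7F:
            findings.append("non-ASCII %r (%s)" % (ch, unicodedata.name(ch, "unnamed")))
    scheme, userinfo, host, path = split_clone_url(url)
    if scheme not in ("https", "ssh"):
        findings.append("unexpected scheme %r" % scheme)
    if userinfo and "://" in url:
        # https://gitlab.example@evil.example/x connects to evil.example, not gitlab.example
        findings.append("userinfo %r precedes real host %r" % (userinfo, host))
    if host.lower() != expected_host.lower():
        findings.append("host %r is not %r" % (host, expected_host))
    if unquote(path) != path:
        findings.append("percent-encoded path decodes to %r" % unquote(path))
    return findings


if __name__ == "__main__":
    # Constructed sample URLs; gitlab.example and attacker.example are placeholders.
    for candidate in (
        "https://gitlab.example/group/project.git",
        "git@gitlab.example:group/project.git",
        "https://gitlab.example@attacker.example/group/project.git",
        "https://gitlab.example/group/pro\u202eject.git",
    ):
        print(repr(candidate), audit_clone_url(candidate, "gitlab.example") or "clean")
```

Run the audit on the exact string you are about to paste into `git clone`, not on the text as it appears in a browser, since the rendered form is precisely what this class of issue manipulates.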
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (exploitability 2.8, impact 1.4)
Sources
Vendor advisory (GitLab, 2023-06-07): CVE-2023-2013: An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7,
Community (Bugzilla, 2013-08-22): CVE-2013-1942 CVE-2013-2023 CVE-2013-2022 owncloud: multiple XSS flaws in included Jplayer.as [fedora-all] (this entry concerns the unrelated identifier CVE-2013-2023 and ownCloud, not GitLab)