cbcvebase.
CVE-2023-2013
published 2023-06-07


Priority: P4, 20, medium
CVSS 3.1: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
EPSS: 0.69% (48.3th percentile)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.

Affected

25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | | |
| gitlab | gitlab | | |
| gitlab | gitlab | | |
| gitlab | gitlab | | |
| gitlab | gitlab | >= 1.2.0 < 15.10.8 | 15.10.8 |
| gitlab | gitlab | >= 15.11.0 < 15.11.7 | 15.11.7 |
| gitlab | gitlab | >= 16.0.0 < 16.0.2 | 16.0.2 |
| gitlab | gitlab_ce | | |
| happyworm | jplayer | >= 0 < 2.3.0 | 2.3.0 |
| msrc | microsoft_365_apps | | |
| msrc | microsoft_office_2019 | | |
| msrc | microsoft_office_ltsc | | |
| msrc | microsoft_office_ltsc_2021 | | |
| msrc | microsoft_office_online_server | | |
| msrc | microsoft_office_web_apps_server_2013_service_pack_1 | | |
| msrc | microsoft_sharepoint_enterprise_server_2013_service_pack_1 | | |
| msrc | microsoft_sharepoint_enterprise_server_2016 | | |
| msrc | microsoft_sharepoint_foundation_2013_service_pack_1 | | |
| msrc | microsoft_sharepoint_server_2019 | | |
| msrc | microsoft_sharepoint_server_subscription_edition | | |
| msrc | microsoft_word_2013_rt_service_pack_1 | | |
| msrc | microsoft_word_2013_service_pack_1 | | |
| msrc | microsoft_word_2016 | | |
| msrc | sharepoint_server_subscription_edition_language_pack | | |

CVSS provenance

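| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| ghsa | | 4.3 | MEDIUM | |
| osv | | 4.3 | MEDIUM | |
| cisa | | 8.8 | HIGH | |
| vendor_msrc | | 9.8 | CRITICAL | |
| vendor_redhat | | 5.5 | MEDIUM | |
| vendor_debian | | 2.6 | LOW | |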