CVE-2023-2030
Published 2024-01-12
Priority P4·27·medium·5.3·CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.38% (30.3th percentile)
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 16.6.5-3 (sid) | gitlab 16.6.5-3 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 12.2 < 16.5.6 | 16.5.6 |
| gitlab | gitlab | >= 12.2.0 < 16.5.6 | 16.5.6 |
| gitlab | gitlab | >= 16.6 < 16.6.4 | 16.6.4 |
| gitlab | gitlab | >= 16.6.0 < 16.6.4 | 16.6.4 |
| gitlab | gitlab | >= 16.7 < 16.7.2 | 16.7.2 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
nvd·v3.1·5.3·MEDIUM·CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv·5.3·MEDIUM
vendor_debian·3.5·LOW
GitLab
vendor_gitlab·2024-01-12·CVSS 3.5
CVE-2023-2030 [LOW] CWE-347
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
Debian
vendor_debian·2023·CVSS 3.5
CVE-2023-2030 [LOW] gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
Scope: local
sid: resolved (fixed in 16.6.5-3)
GHSA
GHSA-797c-p7mm-pf4h
ghsa_unreviewed·2024-01-12
CVE-2023-2030 [LOW] CWE-345
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
OSV
osv·2024-01-12·CVSS 5.3
CVE-2023-2030 [MEDIUM]
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
No detection rules found.
Published: 2024-01-12