CVE-2023-2232
Published 2023-06-28
CVE-2023-2232: An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix
Priority: P3 · 34 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.61% (73.0th percentile)
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 16.4.4+ds2-2 (sid) | gitlab 16.4.4+ds2-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.10 < 16.1 | 16.1 |
CVSS provenance
nvd (v3.1): 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv: 6.5 MEDIUM
vendor_redhat: 7.8 HIGH
vendor_debian: 6.5 MEDIUM
Red Hat
CVE-2023-53487 [HIGH] CWE-276: kernel: powerpc/rtas_flash: allow user copy to flash block cache objects
vendor_redhat · 2025-10-01 · CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas_flash: allow user copy to flash block cache objects
With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the /proc/powerpc/rtas/firmware_update interface to prepare a system firmware update yields a BUG().
GitLab
CVE-2023-2232 [MEDIUM] CWE-1333
vendor_gitlab · 2023-06-28 · CVSS 6.5
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix
Debian
CVE-2023-2232 [MEDIUM] gitlab
vendor_debian · 2023 · CVSS 6.5
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
GHSA
GHSA-85vj-ffxc-x8w8 (CVE-2023-2232) [MEDIUM] CWE-1333
ghsa_unreviewed · 2023-06-28
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix
OSV
CVE-2023-2232 [MEDIUM]
osv · 2023-06-28 · CVSS 6.5
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix
No detection rules found.
No public exploits indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2232.json
https://gitlab.com/gitlab-org/gitlab/-/issues/408352
https://hackerone.com/reports/1934802
Published: 2023-06-28