Lucene search

[email protected]NVD:CVE-2023-0508

HistoryJun 07, 2023 - 5:15 p.m.

CVE-2023-0508

2023-06-0717:15:09

[email protected]

web.nvd.nist.gov

gitlab

open redirection

http response splitting

npm package api

cve-2023-0508

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.1

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.

Affected configurations

Nvd

Node

gitlabgitlabRange15.4.0–15.10.8community

gitlabgitlabRange15.4.0–15.10.8enterprise

gitlabgitlabRange15.11.0–15.11.7community

gitlabgitlabRange15.11.0–15.11.7enterprise

gitlabgitlabRange16.0.0–16.0.2community

gitlabgitlabRange16.0.0–16.0.2enterprise

VendorProductVersionCPE
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab:::::community:::*
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0508.json

gitlab.com/gitlab-org/gitlab/-/issues/389328

hackerone.com/reports/1842314

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.1

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

Related for NVD:CVE-2023-0508

osv2 debiancve1 cve1 nessus2 cvelist1 veracode1 prion1 ubuntucve1 freebsd1