CVE-2023-0508

2023-06-0700:00:00

ubuntu.com

gitlab

ce/ee

open redirection

http

response splitting

npm package api

unix

cve-2023-0508

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

47.2%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions
starting from 15.4 before 15.10.8, all versions starting from 15.11 before
15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection
was possible via HTTP response splitting in the NPM package API.