CVE-2023-0508

Published at:
2023-06-07T17:15:09.823

General information:

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.

CVE Status: Modified

Metrics:

    Attribute                 Value
    Attack Complexity         HIGH
    Attack Vector             NETWORK
    Availability Impact       NONE
    Base Score                3.1
    Base Severity             LOW
    Confidentiality Impact    NONE
    Integrity Impact          LOW
    Privileges Required       NONE
    Scope                     UNCHANGED
    User Interaction          REQUIRED
    Vector String             CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
    Exploitability Score      1.6
    Impact Score              1.4
    Source                    [email protected]
    Type                      Secondary
